On Thu, May 13, 2010 at 8:26 AM, Chuck Mortimore <cmortim...@salesforce.com> wrote: > Our plan is to treat SAML assertions passed over the assertion flow as > bearer assertions, so I believe we have everything we need contained within > the assertion (issuer + audience + signature). That being said, if we want > this to be an extensible flow, not all assertion formats will be so > transparent. > > I think this is a reasonable suggestion, as long as the clientid/secret are > entirely optional. Not in support of a second User Assertion Flow.
Yes. This sounds right to me. Cheers, Brian _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
