I think the 'assertion' parameter should be moved into this draft and defined there. This will also facilitate its proper definition and status (required, singular, etc.).
EHL > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Brian Campbell > Sent: Monday, December 13, 2010 2:53 PM > To: oauth > Subject: [OAUTH-WG] Fwd: New Version Notification for draft-campbell- > oauth-saml-01 > > Draft -01 of "SAML 2.0 Bearer Assertion Grant Type Profile for OAuth 2.0" is > now available at http://www.ietf.org/id/draft-campbell-oauth-saml-01.txt > > The changes (change log pasted blow) are mostly responding to feedback > from this WG and from the SSTC as well as bringing it up to date with draft- > ietf-oauth-v2-11. The one change that was previously discussed on this list > that I didn't incorporate into the draft, and I'm still somewhat on the fence > about, is allowing for more than one assertion. > > Comments and questions are welcome as always. > > Thanks, > Brian > > -01 > > o Updated to reference draft-ietf-oauth-v2-11 and reflect changes > from -10 to -11. > > o Updated examples. > > o Relaxed processing rules to allow for more than one > SubjectConfirmation element. > > o Removed the 'MUST NOT contain a NotBefore attribute' on > SubjectConfirmationData. > > o Relaxed wording that ties the subject of the Assertion to the > resource owner. > > o Added some wording about identifying the client when the subject > hasn't directly authenticated including an informative reference > to SAML V2.0 Condition for Delegation Restriction. > > o Added a few examples to the language about verifying that the > Assertion is valid in all other respects. > > o Added some wording to the introduction about the similarities to > Web SSO in the format and processing rules > > o Changed the grant_type (was assertion_type) URI from > http://oauth.net/assertion_type/saml/2.0/bearer to > http://oauth.net/grant_type/assertion/saml/2.0/bearer > > o Changed title to include "Grant Type" in it. > > o Editorial updates based on feedback from the WG and others > (including capitalization of Assertion when referring to SAML). > > > > > > ---------- Forwarded message ---------- > From: IETF I-D Submission Tool <idsubmiss...@ietf.org> > Date: Mon, Dec 13, 2010 at 3:10 PM > Subject: New Version Notification for draft-campbell-oauth-saml-01 > > A new version of I-D, draft-campbell-oauth-saml-01.txt has been successfully > submitted by Brian Campbell and posted to the IETF repository. > > Filename: draft-campbell-oauth-saml > Revision: 01 > Title: SAML 2.0 Bearer Assertion Grant Type Profile for OAuth 2.0 > Creation_date: 2010-12-13 > WG ID: Independent Submission > Number_of_pages: 11 > > Abstract: > This specification defines the use of a SAML 2.0 bearer Assertion as means > for requesting an OAuth 2.0 access token. > > > > The IETF Secretariat. > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
