On Thu, Jan 20, 2011 at 1:25 PM, Brian Campbell <bcampb...@pingidentity.com> wrote:
> I'd argue that, for reliable interoperability, both of those cases would
> require an extension or at least some level of agreement about the format
> and validation rules of the assertion.

I do agree that an extension would be useful for the second case, but I don't think the client needs to know about it. I think it is somewhat similar to the situation of the scope parameter.

Marius