On Thu, Jan 20, 2011 at 1:25 PM, Brian Campbell
<bcampb...@pingidentity.com> wrote:
> I'd argue that, for reliable interoperability, both of those cases would
> require an extension or at least some level of agreement about the format
> and validation rules of the assertion.

I do agree that an extension would be useful for the second case, but
I don't think the client needs to know about it. I think it is
somewhat similar with the situation of the scope parameter.

Marius
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to