From: Anthony Nadalin <tony...@microsoft.com<mailto:tony...@microsoft.com>> Date: Fri, 22 Apr 2011 14:51:33 -0700
AJN-> So the client credentials originate from WRAP also, it’s not completely new, it may be new the way that it got worded but the same functionality was in WRAP. The section 5.2 (and subsections) in the WAP specification is where you see the assertion documented but what is not explicitly stated (other than additional parameters clause)there but not disallowed is the ability to have the access_token (additional parameters) also specified so you were allowed to have 2 assertions in WRAP for authentication It is completely new. The two assertions functionality is certainly NOT in WRAP. It is not even hinted at. Seems to me you just made my case for dropping this issue. If this is your rational for adding two assertions support in v2, then we can be done right now. v2 already gives you the exact same 'additional parameters' support and does not disallow two assertions. You have made statements in the past that WRAP did everything you needed and that v2 has to cover the same scope. Well, it already does. We can certainly continue to debate whether v2 needs to address this new use case, and if so how to accomplish it, but that is based solely on new requirements and is an expansion of the agreed protocol scope (WRAP + OAuth 1.0). EHL
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
