A number of us in the community have been working on a general model for the use of Assertions in OAuth2 for both client authentication, as well as authorization grants. We've reached general consensus on a doc that I've published as a draft:
http://www.ietf.org/id/draft-mortimore-oauth-assertions-00.txt Feedback and discussion welcome! Thanks -cmort
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
