Touché... ;)

On Thu, Oct 16, 2014 at 4:36 PM, Richard Barnes <r...@ipv.sx> wrote:
> That's what you get for duplicating all the text :)
>
> On Thu, Oct 16, 2014 at 2:00 PM, Brian Campbell <bcampb...@pingidentity.com> wrote:
>
>> Basically the same response to the basically same question as from
>> http://www.ietf.org/mail-archive/web/oauth/current/msg13608.html
>>
>> On Wed, Oct 15, 2014 at 9:56 PM, Richard Barnes <r...@ipv.sx> wrote:
>>
>>> Richard Barnes has entered the following ballot position for
>>> draft-ietf-oauth-saml2-bearer-21: Discuss
>>>
>>> When responding, please keep the subject line intact and reply to all
>>> email addresses included in the To and CC lines. (Feel free to cut this
>>> introductory paragraph, however.)
>>>
>>> Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
>>> for more information about IESG DISCUSS and COMMENT positions.
>>>
>>> The document, along with other ballot positions, can be found here:
>>> http://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/
>>>
>>> ----------------------------------------------------------------------
>>> DISCUSS:
>>> ----------------------------------------------------------------------
>>>
>>> As with draft-ietf-oauth-assertions, the requirement for an <Audience>
>>> element seems entirely unnecessary. Holding this DISCUSS point pending
>>> that discussion and its reflection in this document.
>>>
>>> "Assertions that do not identify the Authorization Server as an intended
>>> audience MUST be rejected." -- What does it mean for an assertion to
>>> "identify the Authorization Server"? Does the specified <Audience> need
>>> to match the entire URL of the relevant OAuth endpoint? Just the origin?
>>> Just the domain? Does the URL need to be canonicalized?
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth