Re: [OAUTH-WG] Review of draft-ietf-oauth-assertions-03

2012-06-28 Thread Brian Campbell
Hi Hannes, Near the end of §1 of your draft -04 you discuss client authentication with the Resource Server by saying that the client authentication concerns steps (E) and (F) in figure 1. However, my reading of §2.3 of the core OAuth Framework[1] was that only client authentication to the AS was i

Re: [OAUTH-WG] Review of draft-ietf-oauth-assertions-03

2012-06-24 Thread Hannes Tschofenig
Hi Brian, thanks for your response. I have tried to put additional text into version -04 of the draft to address my earlier comments. The most recent version of the updated document is there: https://github.com/hannestschofenig/tschofenig-ids/blob/master/oauth-assertions/draft-ietf-oauth-asser

Re: [OAUTH-WG] Review of draft-ietf-oauth-assertions-03

2012-05-30 Thread Brian Campbell
Thanks for the comments, Hannes. I've attempted to answer some of your questions/comments inline below (or at least provide some additional info, context or explanation). On Thu, May 24, 2012 at 12:39 PM, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote: > Hi Chuck, Mike, Brian, and Yaron, > >

Re: [OAUTH-WG] Review of draft-ietf-oauth-assertions-03

2012-05-29 Thread Chuck Mortimore
Just catching up here - thanks for the comments, Hannes. Did you merge these in by yourself? -cmort On May 24, 2012, at 11:39 AM, Hannes Tschofenig wrote: > Hi Chuck, Mike, Brian, and Yaron, > > I reviewed the document as part of my shepherding role and I believe there is > still room for im

[OAUTH-WG] Review of draft-ietf-oauth-assertions-03

2012-05-24 Thread Hannes Tschofenig
Hi Chuck, Mike, Brian, and Yaron, I reviewed the document as part of my shepherding role and I believe there is still room for improvement with the document. I think the document suffers from the problem that you essentially want to cover every possible use case in a single document. So, let me