I agree with mike that any additional guidance on when you'd want to use an
assertion for client authentication vs. when you would want to use one for
an authorization grant would belong in the generic assertions specification
draft-ietf-oauth-assertions.
I'm struggling with what guidance to give
Thanks for your review, Radia. I've added the working group to the thread so
that they're aware of your comments.
> From: Radia Perlman [mailto:radiaperl...@gmail.com]
> Sent: Monday, September 29, 2014 4:46 PM
> To: sec...@ietf.org; The IESG; draft-ietf-oauth-jwt-bearer@tools.ietf.org
> Su
