Re: [OAUTH-WG] Using SAML2 Bearer for the authentication

2013-02-21 Thread Brian Campbell
Yeah Sergey, your second interpretation is more along the lines of what the draft(s) intended to convey. The drafts are all due (overdue really) for an update and I'll try and add some clarifications around this when I get to doing the edits. Thanks for the feedback. On Thu, Feb 21, 2013 at 3

Re: [OAUTH-WG] Using SAML2 Bearer for the authentication

2013-02-21 Thread Sergey Beryozkin
On 20/02/13 11:45, Sergey Beryozkin wrote: On 19/02/13 14:27, Brian Campbell wrote: The scope of assertion based client authentication is only in OAuth and only for the client calling the AS's token endpoint. Defining a general HTTP auth scheme for assertions would have a much broader scope and

Re: [OAUTH-WG] Using SAML2 Bearer for the authentication

2013-02-20 Thread Sergey Beryozkin
On 19/02/13 14:27, Brian Campbell wrote: The scope of assertion based client authentication is only in OAuth and only for the client calling the AS's token endpoint. Defining a general HTTP auth scheme for assertions would have a much broader scope and be much more difficult to standardize. Unde

Re: [OAUTH-WG] Using SAML2 Bearer for the authentication

2013-02-19 Thread Brian Campbell
The scope of assertion based client authentication is only in OAuth and only for the client calling the AS's token endpoint. Defining a general HTTP auth scheme for assertions would have a much broader scope and be much more difficult to standardize. On Tue, Feb 19, 2013 at 6:54 AM, Sergey Beryoz

[OAUTH-WG] Using SAML2 Bearer for the authentication

2013-02-19 Thread Sergey Beryozkin
Hi, Assertions like SAML2 Bearer can be used for authenticating the client. Why can a dedicated Authorization scheme not be introduced, instead of or in addition to "client_assertion" & "client_assertion_type" parameters? IMHO, the following Authorization: SAML "base64url-encoded assertion"