Yeah Sergey, your second interpretation is more along the lines of what the
draft(s) intended to convey.
The drafts are all due (overdue really) for an update and I'll try and add
some clarifications around this when I get to doing the edits.
Thanks for the feedback.
On Thu, Feb 21, 2013 at 3
On 20/02/13 11:45, Sergey Beryozkin wrote:
On 19/02/13 14:27, Brian Campbell wrote:
The scope of assertion based client authentication is only in OAuth and
only for the client calling the AS's token endpoint. Defining a general
HTTP auth scheme for assertions would have a much broader scope and be
much more difficult to standardize.
Unde
The scope of assertion based client authentication is only in OAuth and
only for the client calling the AS's token endpoint. Defining a general
HTTP auth scheme for assertions would have a much broader scope and be much
more difficult to standardize.
On Tue, Feb 19, 2013 at 6:54 AM, Sergey Beryoz
Hi,
Assertions like SAML2 Bearer can be used for authenticating the client.
Why can a dedicated Authorization scheme not be introduced, instead of
or in addition to "client_assertion" & "client_assertion_type" parameters?
IMHO, the following
Authorization: SAML "base64url-encoded assertion"