pplication (as in a typical authorization code flow for
>> example where a user is physically present), the user only knows that a
>> log-on has happened ?
>>
>> I guess a client application needs to tell the user upfront somehow ? Or
>> the end user should go and pre
Behalf Of Brian
Campbell
Sent: Tuesday, July 23, 2013 9:14 AM
To: Pedro Felix
Cc: oauth
Subject: Re: [OAUTH-WG] Using SAML for authentication *and* as Authorization
Grants
Seems legitimate to me. In fact, initial versions of the draft sought to
simplify things by restricting the audience restr
Seems legitimate to me. In fact, initial versions of the draft sought to
simplify things by restricting the audience restriction and subject
confirmation to single elements but was expanded to allow for this kind of
scenario.
In my (somewhat limited) experience, however, support in SAML products f
