> By choosing the right token format you could have a claims based > implementation of OAuth. If you use a SWT, the name value pairs in them can > represent simple claims.
Yeps. Thanks. I also figured out that the actual authorization between the end-user and the authentication server can be done using any standard authentication mechanism (SAML, CardSpace, SWT, whatever). After that the access token format doesn't matter. I guess it's much like using a session cookie with some internal representation. /Jørn -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.