On 2010-06-03, at 7:54 AM, Thomas Hardjono wrote: > Dick, Brian, > > Thanks for the clarification. > > - Is the Assertion Flow designed only for the STS, > or can it be used with other "identity providers" (non-WSS).
It can be used with any tokens. I use the STS term to clarify the design pattern. > > - Also, is it the expectation that a "profile" of OAuth2.0 > be created to address certain use-cases. Such as? > > PS. Compared to the details of RFC4120 and even > to the old ISAKMP in the IETF, the current > OAuth2.0 draft-05 spec appear to be a high-level framework > that needs to be instantiated/profiled. Agreed there are some aspects of OAuth that are left to other documentation. Standardizing what can easily be standardized has proven very useful to implementors. -- Dick _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
