On 2010-06-03, at 8:20 AM, Peter Saint-Andre wrote: > On 6/3/10 8:54 AM, Thomas Hardjono wrote: > >> PS. Compared to the details of RFC4120 and even >> to the old ISAKMP in the IETF, the current >> OAuth2.0 draft-05 spec appear to be a high-level framework >> that needs to be instantiated/profiled. > > At least for the assertion flow, that's definitely true. At the interim > meeting we had some discussion about perhaps pulling the assertion flow > out of the base spec and into a separate document. Perhaps that's the > best way to proceed.
I think all of the flows have some aspect that requires the developer reading some context specific documentation to implement and that standardizing what we can is useful. The assertions being passed around are based on specs that themselves need to be profiled often. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
