The assertion flow has been "upgraded" from an edge case to the way new access grants are defined. It's part of the extensibility model, and as such, is going to stay in the core spec.
EHL -----Original Message----- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell Sent: Friday, August 13, 2010 1:55 PM To: David Recordon Cc: oauth Subject: Re: [OAUTH-WG] more than one assertion? On Thu, Aug 12, 2010 at 2:04 PM, David Recordon <record...@gmail.com> wrote: > Given that, would you strongly object to these proposals being written > in a separate document than the core spec? The device flow is a good > example of where we're doing this. We really think that it will be > useful, are working on implementations, but it hasn't yet been proven > in production. The assertion flow should stay in core (others have expressed this opinion as well). I've got interop tested code built on that that is about to GA. As far as the client assertions, I do believe there's real value in having a clean extension point for stronger forms of client authentication. Yaron's proposed language does a pretty good job I think. But if it can be done in a simpler way, let's discuss. I'll probably regret saying this, but what about not using the word "assertion" for stronger client auth options? That might help eliminate some confusion. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
