Torsten made a good argument that now that we combined assertions and 
extensions into a single mechanism, it does not make sense to make the 
'assertion' parameter required, and that some extensions will be confusing with 
such a parameter name. In addition, the recent document split demoted this 
specification from 'core' to 'framework' which is more friendly to extensions 
and companion specifications.

I would suggest we drop the assertion parameter from the spec, but add a 
direct reference to the SAML assertion specification and give an example 
showing the parameter. This will remove the normative language (which really 
doesn't belong there - something I've long maintained), but will keep the SAML 
assertion option on equal ground (directly demonstrated in the spec). After 
all, you can't implement assertions just by reading the framework spec, you 
still need the SAML work.

This will require moving the SAML into a WG item (not a must but best) which I 
am supportive of and would like to see happen quickly (in a few days).

Thoughts?

EHL

> -----Original Message-----
> From: Brian Campbell [mailto:bcampb...@pingidentity.com]
> Sent: Tuesday, December 14, 2010 8:11 AM
> To: Torsten Lodderstedt
> Cc: Eran Hammer-Lahav; oauth
> Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-
> oauth-saml-01
> 
> Future revisions of this SAML draft will build off whatever
> assertion/extension mechanism is provided by the core framework spec.
> However, some compelling reasons were previously given for keeping the
> 'assertion' (one thread on the topic:
> http://www.ietf.org/mail-archive/web/oauth/current/msg04401.html)
> parameter in core.  Has the thinking on that changed?
> 
> On Tue, Dec 14, 2010 at 9:05 AM, Torsten Lodderstedt
> <tors...@lodderstedt.net> wrote:
> > +1
> >
> >
> >
> > On 14.12.2010 at 04:19, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
> >
> >> I think the 'assertion' parameter should be moved into this draft and
> >> defined there. This will also facilitate its proper definition and status
> >> (required, singular, etc.).
> >>
> >> EHL
> >>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
