> > We need a protocol that does both authentication and > > authorization. We can take OAuth and adapt it for > > authentication, or take OpenID and adapt it for > > authorization, or combine OpenID and OAuth (great solution > > for people who love complexity) or... take the best ideas > > from OpenID and OAuth and incorporate them into a new > > protocol that's designed from the start for both > > authentication and authorization. That's one of my > > motivations for proposing PKAuth. > > Are you aware of OpenIDConnect? > > http://openidconnect.com/
And also the latest drafts of OpenID Artifact Binding: http://wiki.openid.net/w/page/12995134/Artifact-Binding (Don't have a link to the latest draft spec that uses OAuth2 terminology-- Nat, do you have something?) -- Justin _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
