Thanks for the response, Eran. I'm breaking this thread up into the distinct issues. Reply inline below to the first item about client auth.
On Thu, Jul 7, 2011 at 11:24 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > > > However, the SAML draft does not currently cover SAML for client > > authentication and profiling draft-ietf-oauth-assertions would suggest that > > it > > should. Is there any general consensus as to if SAML should be profiled as > > a > > client authentication method? It is certainly feasible but might require > > restructuring and retitling the draft. > > Are there use cases pending such functionality today? It would be a shame to > delay an otherwise useful draft when the functionality can be added later. I don't have any such use cases in the near future. Perhaps others can speak up? I personally see assertion based grants as being more important and more immediately useful. That was one of the reasons I was looking to keep assertion grants and client assertion authentication separate. That said, Chuck has done a nice job with his general treatment of them together in draft-ietf-oauth-assertions and the logical thing to do, in terms of how the various documents play together, would be to have draft-ietf-oauth-saml2-bearer cover client auth now too. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
