http://tools.ietf.org/html/draft-ietf-oauth-assertions-01
Section 7's second portion about a client including multiple credentials types seems buried down here in the Error Responses section for something this fundamental. It also conflates discussion of selection of this client authorization type in here, where it ought to be in its own section, closer to the top.
http://tools.ietf.org/html/draft-ietf-oauth-urn-sub-ns-02
This one seems fine to me, very straightforward.
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-10
As I try to avoid SAML in general, I'm not a good person to comment on this draft.
-- Justin
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
