So is the intent to provide an enterprise authentication claim? I would think that the proposal would use JWT as the token and then define the appropriate claim in the JWT
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Phil Hunt Sent: Monday, July 29, 2013 1:14 AM To: oauth@ietf.org WG Subject: [OAUTH-WG] Fwd: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt FYI. I have been noticing a substantial number of sites acting as OAuth Clients using OAuth to authenticate users. I know several of us have blogged on the issue over the past year so I won't re-hash it here. In short, many of us recommended OIDC as the correct methodology. Never-the-less, I've spoken with a number of service providers who indicate they are not ready to make the jump to OIDC, yet they agree there is a desire to support authentication only (where as OIDC does IDP-like services). This draft is intended as a minimum authentication only specification. I've tried to make it as compatible as possible with OIDC. For now, I've just posted to keep track of the issue so we can address at the next re-chartering. Happy to answer questions and discuss. Phil @independentid www.independentid.com<http://www.independentid.com> phil.h...@oracle.com<mailto:phil.h...@oracle.com> Begin forwarded message: From: internet-dra...@ietf.org<mailto:internet-dra...@ietf.org> Subject: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt Date: 29 July, 2013 9:49:41 AM GMT+02:00 To: Phil Hunt <phil.h...@yahoo.com<mailto:phil.h...@yahoo.com>>, Phil Hunt <n...@ietfa.amsl.com<mailto:n...@ietfa.amsl.com>>, Phil Hunt <> A new version of I-D, draft-hunt-oauth-v2-user-a4c-00.txt has been successfully submitted by Phil Hunt and posted to the IETF repository. Filename: draft-hunt-oauth-v2-user-a4c Revision: 00 Title: OAuth 2.0 User Authentication For Client Creation date: 2013-07-29 Group: Individual Submission Number of pages: 9 URL: http://www.ietf.org/internet-drafts/draft-hunt-oauth-v2-user-a4c-00.txt Status: http://datatracker.ietf.org/doc/draft-hunt-oauth-v2-user-a4c Htmlized: http://tools.ietf.org/html/draft-hunt-oauth-v2-user-a4c-00 Abstract: This specification defines a new OAuth2 endpoint that enables user authentication session information to be shared with client applications. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org>. The IETF Secretariat
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth