On Sat, Nov 2, 2013 at 2:07 AM, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote: > Item #5: You write: > > " > The <Subject> element MUST contain at least one > <SubjectConfirmation> element that allows the authorization > server to confirm it as a Bearer Assertion. > " > > What do you mean that the AS confirms that it is a bearer assertion?
Confirmation is a term from SAML which is honestly not well understood by many people (myself included) but I'm trying to be consistent with that in how I use it here. But it's not necessary and #5 is just stating how the <SubjectConfirmation> element needs to look. Perhaps rewording it to just not use the confirm language would be better? > I think > what you rather want to say is that the AS indicates that it is a bearer > assertion. No, it's just language around what needs to be validated in the <SubjectConfirmation> element of the assertion because it is a bearer assertion. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth