The assertions draft is only trying to describe how to perform assertion-based
authentication at the Token Endpoint. Other drafts, such as the introspection
draft, could explicitly say that this can also be done in the same manner
there, but that's an extension, and should be specified by the extension draft,
if appropriate - not in the assertions draft.
Justin may have more to say about the applicability or lack of it to the
introspection draft, but I'm personally not familiar with it.
-- Mike
-----Original Message-----
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, April 23, 2014 5:09 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Assertions: Client authentication for non-token endpoints?
Hi all,
in a discussion about re-using the client authentication part of the assertion
framework for other specifications currently in progress I ran into the
following question:
Section 6.1 of
http://tools.ietf.org/html/draft-ietf-oauth-assertions-15 talks about the
client using the assertion with the **token endpoint**.
Now, it appears that one cannot use the client authentication with other
endpoints, such as the introspection endpoint defined in
http://tools.ietf.org/html/draft-richer-oauth-introspection-04#section-2
Am I reading too much into Section 6.1 of the assertion draft?
Ciao
Hannes
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
