The assertions draft is only trying to describe how to perform assertion-based authentication at the Token Endpoint. Other drafts, such as the introspection draft, could explicitly say that this can also be done in the same manner there, but that's an extension, and should be specified by the extension draft, if appropriate - not in the assertions draft.
Justin may have more to say about the applicability or lack of it to the introspection draft, but I'm personally not familiar with it. -- Mike -----Original Message----- From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Wednesday, April 23, 2014 5:09 AM To: oauth@ietf.org Subject: [OAUTH-WG] Assertions: Client authentication for non-token endpoints? Hi all, in a discussion about re-using the client authentication part of the assertion framework for other specifications currently in progress I ran into the following question: Section 6.1 of http://tools.ietf.org/html/draft-ietf-oauth-assertions-15 talks about the client using the assertion with the **token endpoint**. Now, it appears that one cannot use the client authentication with other endpoints, such as the introspection endpoint defined in http://tools.ietf.org/html/draft-richer-oauth-introspection-04#section-2 Am I reading too much into Section 6.1 of the assertion draft? Ciao Hannes _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth