On Thu, Oct 16, 2014 at 2:54 PM, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
> > > Some stuff needs to be exchanged out-of-band for this to work. > > Entity/issuer/audience identifiers are part of that. This need is > discussed > > in the Interoperability Considerations at > > https://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-21#section-5 > > So I think it'd be good to explicitly call out that these > mappings are basically required and that they can be fraught > (e.g. if someone uses wildcards badly, which they do). > OK, I will add something to that effect in the next revisions.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth