I think James makes a good point here.
On Thu, Dec 9, 2010 at 10:45 PM, Manger, James H
james.h.man...@team.telstra.com wrote:
I think these items shouldn't be in the bearer spec at all. They are about
getting a token, not about using a bearer token so they should be left to
the core spec.
section 5.1.5 Assertion
I expected the assertion flow to be replaced by a general extension
model for new grant types (as described in section 7.4)?
But the the current text in section 5.1.5. requires every new grant type
to use the assertion parameter. Thus it supports additional assertion
Am 13.12.2010 22:27, schrieb Marius Scurtescu:
On Mon, Dec 13, 2010 at 11:00 AM, Torsten Lodderstedt
tors...@lodderstedt.net wrote:
section 5.2
“The authorization server SHOULD NOT issue a refresh token when the access
grant type is an assertion or a set of client credentials.”
How shall the
I think the 'assertion' parameter should be moved into this draft and defined
there. This will also facilitate its proper definition and status (required,
singular, etc.).
EHL
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Brian Campbell