New versions of the three OAuth assertion related drafts have been
published. The documents are available in the usual locations:
Assertion Framework for OAuth 2.0
http://tools.ietf.org/html/draft-ietf-oauth-assertions-06
SAML 2.0 Bearer Assertion Profiles for OAuth 2.0
http://tools.ietf.org/html
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : SAML 2.0 Bearer Assertion Profiles for OAuth 2.0
Author(s) : Brian Campbell
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : JSON Web Token (JWT) Bearer Token Profiles for OAuth
2.0
Author(s) : Michael B. Jones
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : Assertion Framework for OAuth 2.0
Author(s) : Brian Campbell
C
Adam,
In your use case, how does AS request user re-authentication?
In OAuth the user agent is redirected back to the Client after the user has
authorized the client.
The AS is a web server and cannot initiate a call to the user agent. I assume
that the request to re-authenticate comes in a resp
I don't think it actually makes sense in core anyway, because there are flows
where there's no user interaction and such a parameter doesn't make any sense.
This is the kind of thing that would fit really well with the UX extension that
David put up two years ago:
http://tools.ietf.org/html/dra