Re: [OAUTH-WG] Proposed language for section 2.2 on Client Assertions

2010-08-09 Thread Yaron Goland
: [OAUTH-WG] Proposed language for section 2.2 on Client Assertions Makes sense. Personally, I don't have any preference on including it or not. EHL -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell Sent: Tuesday, July

Re: [OAUTH-WG] Proposed language for section 2.2 on Client Assertions

2010-08-09 Thread Eran Hammer-Lahav
; oauth Subject: RE: [OAUTH-WG] Proposed language for section 2.2 on Client Assertions So how do we resolve if the language goes into the spec? Thanks, Yaron -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran Hammer

Re: [OAUTH-WG] Proposed language for section 2.2 on Client Assertions

2010-07-27 Thread Brian Campbell
A client_id parameter would still be presented in the end user authorization request. The text Brian E. quoted is what mandates any specifications/documents/agreements that define how to use client assertions must also define the association between the client_id and some field(s) in the

Re: [OAUTH-WG] Proposed language for section 2.2 on Client Assertions

2010-07-27 Thread Eran Hammer-Lahav
Makes sense. Personally, I don't have any preference on including it or not. EHL -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell Sent: Tuesday, July 27, 2010 5:49 AM To: oauth Subject: Re: [OAUTH-WG] Proposed language

[OAUTH-WG] Proposed language for section 2.2 on Client Assertions

2010-07-26 Thread Yaron Goland
The following is proposed language for inclusion in the spec as section 2.2. I would like to thank Brian Campbell, Brain Eaton, Chuck Mortimore, Dirk Balfanz, Eric Sachs, Justin Smith and Marius Scurtescu for taking the time to review and improve this proposal. Please note that the named folks

Re: [OAUTH-WG] Proposed language for section 2.2 on Client Assertions

2010-07-26 Thread Brian Eaton
On Mon, Jul 26, 2010 at 2:08 PM, Eran Hammer-Lahav e...@hueniverse.com wrote: I understand that in many assertions, the client identifier is established internally, but this approach will completely prevent using the assertion client authentication method with other flows that involve getting a

Re: [OAUTH-WG] Proposed language for section 2.2 on Client Assertions

2010-07-26 Thread Eran Hammer-Lahav
Subject: Re: [OAUTH-WG] Proposed language for section 2.2 on Client Assertions On Mon, Jul 26, 2010 at 2:08 PM, Eran Hammer-Lahav e...@hueniverse.com wrote: I understand that in many assertions, the client identifier is established internally, but this approach will completely prevent

Re: [OAUTH-WG] Proposed language for section 2.2 on Client Assertions

2010-07-26 Thread Brian Eaton
On Mon, Jul 26, 2010 at 4:11 PM, Eran Hammer-Lahav e...@hueniverse.com wrote: How do you link the client_id using in the authorization endpoint with the client assertion using in the token endpoint? In theory: any document that defines how to use an assertion of a particular type with OAuth