[OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-15 Thread Brian Campbell
I'm going to join the growing list of people attaching a potential I-D to an email due to the cut-off time for the I-D submissions. Attached is a draft that aims to tightly define the particular format of a SAML 2.0 bearer assertion in requesting an access token using the assertion grant_type. I'v

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-18 Thread Torsten Lodderstedt
Hi Brian, thank you for taking the effort to write this I-D. I have the following remarks: Why do you prescribe including the token endpoint URL in the SubjectConfirmationData and similar data also in the AudienceRestriction? I would expect such data in the AudienceRestriction only. Why

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-18 Thread Brian Campbell
Torsten, Thanks for taking the time to review and comment. I've tried to address your questions inline below (though in some cases only raising more questions). On Sun, Jul 18, 2010 at 9:48 AM, Torsten Lodderstedt wrote: > Why do you prescribe including the token endpoint URL in the > Subject

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-22 Thread Torsten Lodderstedt
On 19.07.2010 06:34, Brian Campbell wrote: Torsten, Thanks for taking the time to review and comment. I've tried to address your questions inline below (though in some cases only raising more questions). On Sun, Jul 18, 2010 at 9:48 AM, Torsten Lodderstedt wrote: Why do you prescribe t

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-27 Thread Brian Campbell
On Thu, Jul 22, 2010 at 3:39 PM, Torsten Lodderstedt wrote: > Sounds like you are defining a profile of the OAuth assertion flow for using > SAML assertions complying with the SAML "Web Browser SSO Profile". I think you > should state that somewhere. There will probably be other assertion flow > profile

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-27 Thread Chuck Mortimore
Yes - this is intended to be a simplified parallel to the web SSO profile. We also intend to ship a straight adaptation of WebSSO, as do others I believe. For both of these, we intend to enforce one-time use; I suspect that type of state maintenance will get argued against by those running the large

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-27 Thread Brian Campbell
On Tue, Jul 27, 2010 at 12:26 PM, Chuck Mortimore wrote: > For both of these, we intend to enforce one-time use; I suspect that type of > state maintenance will get argued against by those running the large > scale consumer systems...it's manageable for us given how our multi-tenancy > is set up.

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-27 Thread Brian Eaton
On Tue, Jul 27, 2010 at 11:56 AM, Brian Campbell wrote: > There seem to be two potential arguments against it - the burden of > tracking the state and the potential that it's unnecessarily > restrictive.  I don't personally see either as being a major issue but > would like to hear from folks if t

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-27 Thread Torsten Lodderstedt
On 28.07.2010 at 01:40 Brian Eaton wrote: > On Tue, Jul 27, 2010 at 11:56 AM, Brian Campbell > wrote: >> There seem to be two potential arguments against it - the burden of >> tracking the state and the potential that it's unnecessarily >> restrictive. I don't personally see either as being a

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-28 Thread Igor Faynberg
+1 on MAY; (+0.3 on SHOULD). Igor Torsten Lodderstedt wrote: On 28.07.2010 at 01:40 Brian Eaton wrote: On Tue, Jul 27, 2010 at 11:56 AM, Brian Campbell wrote: There seem to be two potential arguments against it - the burden of tracking the state and the potential that it's unnec

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-28 Thread Brian Campbell
MAY it is. Thanks On Jul 28, 2010 4:06 AM, "Igor Faynberg" wrote: +1 on MAY; (+0.3 on SHOULD). Igor Torsten Lodderstedt wrote: > > On 28.07.2010 at 01:40 Brian Eaton wrote: > >... ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mail

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-02 Thread Anthony Nadalin
: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell Sent: Thursday, July 15, 2010 1:50 PM To: oauth Subject: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft I'm going to join the growing list of people attaching a potential I-D to an email due

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-02 Thread Brian Campbell
file for that > or add it as an option here. > > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of > Brian Campbell > Sent: Thursday, July 15, 2010 1:50 PM > To: oauth > Subject: [OAUTH-WG] SAML 2.0 Bearer Assertion Profi

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-02 Thread Anthony Nadalin
have a separate profile for that > or add it as an option here. > > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Brian Campbell > Sent: Thursday, July 15, 2010 1:50 PM > To: oauth > Subject: [OAUTH-WG] SAML 2.0

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-03 Thread Brian Campbell
at the signature verification is out of scope. > > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of > Brian Campbell > Sent: Monday, August 02, 2010 2:53 PM > To: oauth > Subject: Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile f

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-03 Thread Anthony Nadalin
[mailto:bcampb...@pingidentity.com] Sent: Tuesday, August 03, 2010 1:12 PM To: Anthony Nadalin Cc: oauth Subject: Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft Seems like a much more complicated scenario. Allowing more than one assertion, off the top of my head, would necessitate

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-03 Thread Eran Hammer-Lahav
mon > these days. > > -Original Message- > From: Brian Campbell [mailto:bcampb...@pingidentity.com] > Sent: Tuesday, August 03, 2010 1:12 PM > To: Anthony Nadalin > Cc: oauth > Subject: Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 > draft > >

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-04 Thread Torsten Lodderstedt
t belongs in its own spec. > > EHL > >> -Original Message- >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >> Of Anthony Nadalin >> Sent: Tuesday, August 03, 2010 3:29 PM >> To: Brian Campbell >> Cc: oauth >> Subj

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-04 Thread Prateek Mishra
gnature verification is out of scope. -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell Sent: Monday, August 02, 2010 2:53 PM To: oauth Subject: Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft I guess I'd nee

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-04 Thread Paul Madsen
aim, we still expect that the signature verification is out of scope. -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell Sent: Monday, August 02, 2010 2:53 PM To: oauth Subject: Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-04 Thread Brian Campbell
On Wed, Aug 4, 2010 at 9:08 AM, Prateek Mishra wrote: > Brian, > > it would probably help to clarify that you are proposing this as an > additional or follow-on step to SSO implemented via the SAML web browser > profiles (right?). Actually no. The similarities to SSO are mostly in the assertion f

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-04 Thread Chuck Mortimore
cmort From: oauth-boun...@ietf.org [oauth-boun...@ietf.org] On Behalf Of Prateek Mishra [prateek.mis...@oracle.com] Sent: Wednesday, August 04, 2010 8:08 AM To: Brian Campbell Cc: oauth Subject: Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft Brian, it

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-04 Thread Brian Campbell
[oauth-boun...@ietf.org] On Behalf Of Prateek > Mishra [prateek.mis...@oracle.com] > Sent: Wednesday, August 04, 2010 8:08 AM > To: Brian Campbell > Cc: oauth > Subject: Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft > > Brian, > > it would prob

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-04 Thread Prateek Mishra
m, we still expect that the signature verification is out of scope. -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell Sent: Monday, August 02, 2010 2:53 PM To: oauth Subject: Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-05 Thread Brian Campbell
On Wed, Aug 4, 2010 at 3:00 PM, Prateek Mishra wrote: > Thanks for the clarification (Paul, Chuck and Brian), re-reading the most > recent draft makes the use-case pretty clear, not sure how I came up with my > own personal use-case in this instance (not enough coffee probably...) If you think th

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-08-10 Thread Igor Faynberg
: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft This is a use case we are seeing from the various government agencies (UK, USA, BC), I agree it adds complexity but with having to satisfy several claims (i.e. over 21 and being a resident of state) this seems to be pretty common these