[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] SAML assertion profile in OAuth 2.0?
> Section 5.2 - Assertion Profile > > never says SAML but that's the intent (as described at IIW when WRAP was > announced) It has the separation I'd expect such that I don't see any compelling reason to dictate what protocol(s) are used to acquire tokens of particular sorts. Those can evolve as needed, that's really the best reason to break the flow apart and not just use a more end-to-end SSO-like approach between the service and the IdP (which I think is better anyway). To the extent that this is attempting to replace WS-Trust or SAML as a sufficient vehicle for requesting assertions, I don't think it's in the ballpark as is. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]