Protocol Action: 'SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants' to Proposed Standard (draft-ietf-oauth-saml2-bearer-23.txt)

The IESG <> Tue, 13 January 2015 00:17 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 232FE1ACE3D; Mon, 12 Jan 2015 16:17:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NgGNrXdZM0yA; Mon, 12 Jan 2015 16:17:09 -0800 (PST)
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 2BA441ACE56; Mon, 12 Jan 2015 16:16:57 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <>
To: IETF-Announce <>
Subject: Protocol Action: 'SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants' to Proposed Standard (draft-ietf-oauth-saml2-bearer-23.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 5.10.0.p8
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <>
Date: Mon, 12 Jan 2015 16:16:57 -0800
Archived-At: <>
Cc: oauth chair <>, oauth mailing list <>, RFC Editor <>
X-Mailman-Version: 2.1.15
List-Id: "IETF announcement list. No discussions." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 13 Jan 2015 00:17:11 -0000

The IESG has approved the following document:
- 'SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization
  (draft-ietf-oauth-saml2-bearer-23.txt) as Proposed Standard

This document is the product of the Web Authorization Protocol Working

The IESG contact persons are Kathleen Moriarty and Stephen Farrell.

A URL of this Internet Draft is:

Technical Summary

  This specification defines the use of a SAML 2.0 Bearer Assertion
  as a means for requesting an OAuth 2.0 access token as well as
  for use as a means of client authentication.

Working Group Summary

   The OAuth assertion framework, which this document instantiates,
   has been submitted to the IESG before and was returned to the
   working group due to interoperability concerns. The working group
   has discussed those concerns and has worked on several iterations
   of the document to reduce the number of optional functionality.
   Along with the changes to the assertion framework document
   changes have been made to this document as well.

Document Quality

  The document has gone through many iterations and has received
  substantial feedback.  There are also multiple implementations of this
  draft noted in the shepherd writeup.


  The document shepherd is Hannes Tschofenig and the responsible
  area director is Kathleen Moriarty. 


  The document only adds entries to existing registries and does
  not define any new registries. 

RFC Editor Note: This draft is part of a set of drafts that cross 2
working groups. I am working through the reviews (shepherd just
confirmed them for the OAuth ones) and would like them processed as a
set. The JOSE drafts will hopefully be ready shortly as well. The
set includes (in order):

1 draft-ietf-jose-json-web-signature
2 draft-ietf-jose-json-web-encryption
3 draft-ietf-jose-json-web-key
4 draft-ietf-jose-json-web-algorithms
5 draft-ietf-oauth-json-web-token
6 draft-ietf-jose-cookbook
7 draft-ietf-oauth-assertions
8 draft-ietf-oauth-saml2-bearer
9 draft-ietf-oauth-jwt-bearer