[OAUTH-WG] Clients authenticating with assertions

Yaron Goland <yarong@microsoft.com> Fri, 25 June 2010 18:26 UTC

From: Yaron Goland <yarong@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Clients authenticating with assertions
Date: Fri, 25 Jun 2010 18:26:10 +0000
Message-ID: <7C01E631FF4B654FA1E783F1C0265F8C579CA9D1@TK5EX14MBXC117.redmond.corp.microsoft.com>
Subject: [OAUTH-WG] Clients authenticating with assertions

If a client wants to authenticate itself to a token endpoint to get an access token using an assertion, how should it do it?

Grant_Type = assertion doesn't seem right because that assertion should be from the resource owner who delegated the permission, not from the client, right? In other words, one can end up with an access token request with two assertions, one from the client and one from the resource owner. How is this done?

Thanks,

Yaron

P.S. I looked for something like client_assertion and client_assertion_type in section 2 of -08 but didn't see it. Sorry if I missed it.
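The two-assertion token request described in the post, worked through as an added example that is not part of the thread or of the OAuth draft: a toy token endpoint that treats `assertion` as the resource owner's grant and `client_assertion` / `client_assertion_type` (the parameter names floated in the P.S.) as the client's own authentication, verifying each against the key of the party that is supposed to have issued it. The HMAC-signed assertion format, the `client_id` parameter, the key table, the audience and the type URI are all constructed for the illustration rather than taken from any specification.

```python
import base64, hashlib, hmac, json
from urllib.parse import parse_qs

TOKEN_ENDPOINT = "https://as.example/token"           # constructed audience value
CLIENT_ASSERTION_TYPE = "urn:example:hmac-assertion"  # constructed type URI
# Constructed key table: the IdP vouching for resource owners and the registered
# client hold separate secrets, so neither assertion can stand in for the other.
KEYS = {"https://idp.example": b"idp-secret", "s6BhdRkqt3": b"client-secret"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_assertion(claims: dict, key: bytes) -> str:
    # Toy format: base64url(JSON claims) "." base64url(HMAC-SHA256 over that body)
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def verify_assertion(token: str, expected_iss: str, now: float) -> dict:
    # Signature is checked with the expected issuer's key before anything is decoded.
    body, _, sig = token.partition(".")
    key = KEYS.get(expected_iss)
    if key is None:
        raise ValueError("unknown issuer")
    good = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(good, sig):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != expected_iss or claims.get("aud") != TOKEN_ENDPOINT:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

def handle_token_request(form_body: str, now: float) -> dict:
    # 'assertion' is the grant from the resource owner; 'client_assertion' is the
    # client authenticating itself. They are distinct parameters with distinct issuers.
    try:
        p = {k: v[0] for k, v in parse_qs(form_body, strict_parsing=True).items()}
        if p.get("grant_type") != "assertion":
            raise ValueError("unsupported grant_type")
        if p.get("client_assertion_type") != CLIENT_ASSERTION_TYPE:
            raise ValueError("unsupported client_assertion_type")
        client = verify_assertion(p["client_assertion"], p["client_id"], now)
        if client.get("sub") != p["client_id"]:   # client speaks only about itself
            raise ValueError("client assertion subject mismatch")
        grant = verify_assertion(p["assertion"], "https://idp.example", now)
        return {"client_id": p["client_id"], "resource_owner": grant["sub"]}
    except (KeyError, ValueError) as exc:
        return {"error": "invalid_request", "detail": str(exc)}
```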