[OAUTH-WG] SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 Draft -11 and OAuth 2.0 Assertion Profile Draft -02
Brian Campbell <bcampbell@pingidentity.com> Thu, 26 April 2012 20:01 UTC
Draft -11 of "SAML 2.0 Bearer Assertion Profiles for OAuth 2.0" and draft -02 of "OAuth 2.0 Assertion Profile" have been published. The changes address comments raised during WGLC on the two documents that ended earlier this week. A summary of changes is included (with links to the comment in the mail archive when appropriate) in the document history section of each draft. A copy of the relevant portion of the history is also copied to the bottom of this message for convenience.

I'd like to specifically thank Mike Jones for his assistance in getting these updates posted quickly.

The drafts are available at:

http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-11
http://tools.ietf.org/html/draft-ietf-oauth-assertions-02

draft-ietf-oauth-saml2-bearer-11

o Removed text about limited lifetime access tokens and the SHOULD NOT on issuing refresh tokens. The text was moved to draft-ietf-oauth-assertions-02 and somewhat modified per http://www.ietf.org/mail-archive/web/oauth/current/msg08298.html.
o Fixed typo/missing word per http://www.ietf.org/mail-archive/web/oauth/current/msg08733.html.
o Added Terminology section.

draft-ietf-oauth-assertions-02

o Added text about limited lifetime ATs and RTs per http://www.ietf.org/mail-archive/web/oauth/current/msg08298.html.
o Changed the line breaks in some examples to avoid awkward rendering to text format. Also removed encoded '=' padding from a few examples because both known derivative specs, SAML and JWT, omit the padding char in serialization/encoding.
o Remove section 7 on error responses and move that (somewhat modified) content into subsections of section 4 broken up by authn/authz per http://www.ietf.org/mail-archive/web/oauth/current/msg08735.html.
o Rework the text about "MUST validate ... in order to establish a mapping between ..." per http://www.ietf.org/mail-archive/web/oauth/current/msg08872.html and http://www.ietf.org/mail-archive/web/oauth/current/msg08749.html.
o Change "The Principal MUST identify an authorized accessor. If the assertion is self-issued, the Principal SHOULD be the client_id" in 6.1 per http://www.ietf.org/mail-archive/web/oauth/current/msg08873.html.
o Update reference in 4.1 to point to 2.3 (rather than 3.2) of oauth-v2 (rather than self) per http://www.ietf.org/mail-archive/web/oauth/current/msg08874.html.
o Move the "Section 3 of" out of the xref to hopefully fix the link in 4.1 and remove the client_id bullet from 4.2 per http://www.ietf.org/mail-archive/web/oauth/current/msg08875.html.
o Add ref to Section 3.3 of oauth-v2 for scope definition and remove some then redundant text per http://www.ietf.org/mail-archive/web/oauth/current/msg08890.html.
o Change "The following format and processing rules SHOULD be applied" to "The following format and processing rules apply" in sections 6.x to remove conflicting normative qualification of other normative statements per http://www.ietf.org/mail-archive/web/oauth/current/msg08892.html.
o Add text that the client_id must id the client to 4.1 and remove similar text from other places per http://www.ietf.org/mail-archive/web/oauth/current/msg08893.html.
o Remove the MUST from the text prior to the HTTP parameter definitions per http://www.ietf.org/mail-archive/web/oauth/current/msg08920.html.
o Updated examples to use grant_type and client_assertion_type values from the OAuth SAML Assertion Profiles spec.

--
Brian
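The padding note and the grant_type / client_assertion_type changes in the history above concern how an assertion is carried in the token request. The following is an added example, not code from the drafts or from the poster: it form-encodes an assertion-grant request with unpadded base64url on the client side and parses it on the authorization-server side, accepting either padded or unpadded input. The URN values are the ones the SAML bearer profile defines; SAMPLE_ASSERTION is a constructed stand-in, not a real signed assertion.

```python
import base64
import urllib.parse

# Constructed stand-in for a signed SAML 2.0 assertion (not a real assertion).
SAMPLE_ASSERTION = b'<saml:Assertion ID="_constructed-example">...</saml:Assertion>'
# Parameter values defined by the SAML 2.0 bearer assertion profile for OAuth 2.0.
SAML2_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"
SAML2_CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:saml2-bearer"
B64URL_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")


def b64url_encode_nopad(data: bytes) -> str:
    """base64url-encode and drop the '=' padding, as SAML and JWT serializations do."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode_tolerant(text: str) -> bytes:
    """Decode base64url whether or not the sender kept the '=' padding."""
    text = text.strip().rstrip("=")
    # Python silently drops foreign characters, so validate the alphabet ourselves.
    if not B64URL_ALPHABET.issuperset(text):
        raise ValueError("assertion is not base64url")
    if len(text) % 4 == 1:  # no valid base64 string has this length
        raise ValueError("invalid base64url length")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_token_request(assertion: bytes, scope: str = "", client_assertion: bytes = None) -> str:
    """Client side: form-encode an assertion-as-authorization-grant token request.
    client_assertion is optional; when given, the client also authenticates with it."""
    params = [("grant_type", SAML2_GRANT_TYPE), ("assertion", b64url_encode_nopad(assertion))]
    if scope:
        params.append(("scope", scope))
    if client_assertion is not None:
        params.append(("client_assertion_type", SAML2_CLIENT_ASSERTION_TYPE))
        params.append(("client_assertion", b64url_encode_nopad(client_assertion)))
    return urllib.parse.urlencode(params)


def parse_token_request(body: str) -> dict:
    """Authorization-server side: recover the raw assertion bytes from the request body."""
    params = dict(urllib.parse.parse_qsl(body, strict_parsing=True))
    if params.get("grant_type") != SAML2_GRANT_TYPE:
        raise ValueError("unsupported grant_type")
    result = {"assertion": b64url_decode_tolerant(params["assertion"]), "scope": params.get("scope")}
    if "client_assertion" in params:
        if params.get("client_assertion_type") != SAML2_CLIENT_ASSERTION_TYPE:
            raise ValueError("unsupported client_assertion_type")
        result["client_assertion"] = b64url_decode_tolerant(params["client_assertion"])
    return result
```

The decoder only recovers bytes; signature, issuer, audience and expiry checks on the assertion itself are a separate step that runs on the returned bytes.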