[OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-saml2-bearer-09.txt
Brian Campbell <bcampbell@pingidentity.com> Fri, 28 October 2011 18:26 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0C1621F8A4E for <oauth@ietfa.amsl.com>; Fri, 28 Oct 2011 11:26:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.977
X-Spam-Level:
X-Spam-Status: No, score=-5.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G3Cmk+QSHbzf for <oauth@ietfa.amsl.com>; Fri, 28 Oct 2011 11:26:39 -0700 (PDT)
Received: from na3sys009aog108.obsmtp.com (na3sys009aog108.obsmtp.com [74.125.149.199]) by ietfa.amsl.com (Postfix) with ESMTP id 0E8E821F8888 for <oauth@ietf.org>; Fri, 28 Oct 2011 11:26:38 -0700 (PDT)
Received: from mail-yw0-f44.google.com ([209.85.213.44]) (using TLSv1) by na3sys009aob108.postini.com ([74.125.148.12]) with SMTP; Fri, 28 Oct 2011 11:26:39 PDT
Received: by mail-yw0-f44.google.com with SMTP id 2so4612639ywt.31 for <oauth@ietf.org>; Fri, 28 Oct 2011 11:26:31 -0700 (PDT)
Received: by 10.147.5.22 with SMTP id h22mr880546yai.0.1319826391165; Fri, 28 Oct 2011 11:26:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.146.96.19 with HTTP; Fri, 28 Oct 2011 11:26:00 -0700 (PDT)
In-Reply-To: <20111028172247.3232.30822.idtracker@ietfa.amsl.com>
References: <20111028172247.3232.30822.idtracker@ietfa.amsl.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 28 Oct 2011 12:26:00 -0600
Message-ID: <CA+k3eCScpuqpdsgsqGuBzv_V3wofodizzvbFVfZ-9+oKSEHcpg@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-saml2-bearer-09.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2011 18:26:40 -0000
I posted a new draft that addresses a potential ambiguity raised by an engineer I work with who is currently implementing against the draft. draft -09 can be found at: http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-09 and here's the relevant snippet from Appendix B. Document History: draft-ietf-oauth-saml2-bearer-09 o Attempt to address an ambiguity around validation requirements when the Conditions element contain a NotOnOrAfter and SubjectConfirmation/SubjectConfirmationData does too. Basically it needs to have at least one bearer SubjectConfirmation element but that element can omit SubjectConfirmationData, if Conditions has an expiry on it. Otherwise, a valid SubjectConfirmation must have a SubjectConfirmationData with Recipient and NotOnOrAfter. And any SubjectConfirmationData that has those elements needs to have them checked. o clarified that AudienceRestriction is under Conditions (even though it's implied by schema) o fix a typo ---------- Forwarded message ---------- From: <internet-drafts@ietf.org> Date: Fri, Oct 28, 2011 at 11:22 AM Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bearer-09.txt To: i-d-announce@ietf.org Cc: oauth@ietf.org A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : SAML 2.0 Bearer Assertion Profiles for OAuth 2.0 Author(s) : Chuck Mortimore Filename : draft-ietf-oauth-saml2-bearer-09.txt Pages : 16 Date : 2011-10-28 This specification defines the use of a SAML 2.0 Bearer Assertion as means for requesting an OAuth 2.0 access token as well as for use as a means of client authentication. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-oauth-saml2-bearer-09.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ This Internet-Draft can be retrieved at: ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-saml2-bearer-09.txt _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bea… internet-drafts
- [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-saml… Brian Campbell