Technical Summary
This specification defines the use of a SAML 2.0 Bearer Assertion
as a means for requesting an OAuth 2.0 access token as well as
for use as a means of client authentication.
Working Group Summary
The OAuth assertion framework, which this document instantiates,
has been submitted to the IESG before and was returned to the
working group due to interoperability concerns. The working group
has discussed those concerns and has worked on several iterations
of the document to reduce the number of optional functionality.
Along with the changes to the assertion framework document
changes have been made to this document as well.
Document Quality
The document has gone through many iterations and has received
substantial feedback. There are also multiple implementations of this
draft noted in the shepherd writeup.
Personnel
The document shepherd is Hannes Tschofenig and the responsible
area director is Kathleen Moriarty.
IANA Note
The document only adds entries to existing registries and does
not define any new registries.
RFC Editor Note: This draft is part of a set of drafts that cross 2
working groups. I am working through the reviews (shepherd just
confirmed them for the OAuth ones) and would like them processed as a
set. The JOSE drafts will hopefully be ready shortly as well. The
set includes (in order):
1 draft-ietf-jose-json-web-signature
2 draft-ietf-jose-json-web-encryption
3 draft-ietf-jose-json-web-key
4 draft-ietf-jose-json-web-algorithms
5 draft-ietf-oauth-json-web-token
6 draft-ietf-jose-cookbook
7 draft-ietf-oauth-assertions
8 draft-ietf-oauth-saml2-bearer
9 draft-ietf-oauth-jwt-bearer