Technical Summary
The Assertion Framework for OAuth 2.0 allows the use of assertions
in the form of a new client authentication mechanism
and a new authorization grant type. Mechanisms are specified for
transporting assertions during interactions with a token endpoint, as
well as general processing rules.
The intent of this specification is to provide a common framework for
OAuth 2.0 to interwork with other identity systems using assertions,
and to provide alternative client authentication mechanisms.
Note that this specification only defines abstract message flows and
processing rules. In order to be implementable, companion
specifications are necessary to provide the corresponding concrete
instantiations.
Working Group Summary
There was no controversy around this document.
Document Quality
The working group decided to separate the framework for assertion
handling from instance documents supporting SAML assertion and JSON-
based encoded tokens. Readers who want to implement the functionality
also need to consult one of the extension documents, such as
draft-ietf-oauth-saml2-bearer
The draft previously went through IESG review and was sent back to the WG
to improve interoperability. Updates have been made to address the prior concerns.
Personnel
The document shepherd is Hannes Tschofenig and the responsible-ish
area director is Kathleen Moriarty.
RFC Editor Note: This draft is part of a set of drafts that cross 2
working groups. I am working through the reviews (shepherd just
confirmed them for the OAuth ones) and would like them processed as a
set. The JOSE drafts will hopefully be ready shortly as well. The
set includes (in order):
1 draft-ietf-jose-json-web-signature
2 draft-ietf-jose-json-web-encryption
3 draft-ietf-jose-json-web-key
4 draft-ietf-jose-json-web-algorithms
5 draft-ietf-oauth-json-web-token
6 draft-ietf-jose-cookbook
7 draft-ietf-oauth-assertions
8 draft-ietf-oauth-saml2-bearer
9 draft-ietf-oauth-jwt-bearer