Updated OAuth assertions drafts have been posted that improve their interoperability characteristics in a manner suggested during IESG review: they now state that issuer and audience values should be compared using the Simple String Comparison method defined in Section 6.2.1 of RFC 3986 unless otherwise specified by the application.
The drafts are available at:
- http://tools.ietf.org/html/draft-ietf-oauth-assertions-12
- http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-17
- http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-06
HTML formatted versions are available at:
Leave a Reply
You must be logged in to post a comment.