OAuth Assertions Status

Mike JonesNovember 8, 2012

OAuth Assertions & SAML Profile• Specifications very stable– No normative changes since April 2012– WGLC introduced no normative

• Hannes needs usage statements for IESG letter– OpenID Connect uses JWT Profile, which uses

Assertions Framework• Over a dozen implementations• Significant interop testing has occurred

– SAML Profile usage statements needed

JWT Bearer Token Profiles

• Fully parallel to SAML Profile (by design)– Only differences due to token formats– Likewise, no normative changes since April 2012

• Will be ready to go to WGLC once JWT is– Gated on JOSE specs going to WGLC