[Specs-cx] CX Contracts as assertions for OAuth
nara hideki
hdknr at ic-tact.co.jp
Tue Aug 17 06:10:17 UTC 2010
Hi experts,
SAML bearer assertions are going to be used for OAuth assertion profile.
( http://www.ietf.org/id/draft-campbell-oauth-saml-00.txt )
I think that CX Contracts can work as assertions as well.
But CX Contract doesn't seems to be bearer assertions so that more
security consideration must be discussed.
CX could be quite secure because PKI must be used, but I may miss the
other security issues.
Any suggestion is welcome.
Thanks in advance.
---
hideki nara
More information about the Specs-cx
mailing list