The IESG has approved the following document: - 'SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants' (draft-ietf-oauth-saml2-bearer-23.txt) as Proposed Standard This document is the product of the Web Authorization Protocol Working Group. The IESG contact persons are Kathleen Moriarty and Stephen Farrell. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/ Technical Summary This specification defines the use of a SAML 2.0 Bearer Assertion as a means for requesting an OAuth 2.0 access token as well as for use as a means of client authentication. Working Group Summary The OAuth assertion framework, which this document instantiates, has been submitted to the IESG before and was returned to the working group due to interoperability concerns. The working group has discussed those concerns and has worked on several iterations of the document to reduce the number of optional functionality. Along with the changes to the assertion framework document changes have been made to this document as well. Document Quality The document has gone through many iterations and has received substantial feedback. There are also multiple implementations of this draft noted in the shepherd writeup. Personnel The document shepherd is Hannes Tschofenig and the responsible area director is Kathleen Moriarty. IANA Note The document only adds entries to existing registries and does not define any new registries. RFC Editor Note: This draft is part of a set of drafts that cross 2 working groups. I am working through the reviews (shepherd just confirmed them for the OAuth ones) and would like them processed as a set. The JOSE drafts will hopefully be ready shortly as well. The set includes (in order): 1 draft-ietf-jose-json-web-signature 2 draft-ietf-jose-json-web-encryption 3 draft-ietf-jose-json-web-key 4 draft-ietf-jose-json-web-algorithms 5 draft-ietf-oauth-json-web-token 6 draft-ietf-jose-cookbook 7 draft-ietf-oauth-assertions 8 draft-ietf-oauth-saml2-bearer 9 draft-ietf-oauth-jwt-bearer