> > browser id, openid, and oauth are all authentication frameworks built > on top of HTTP >
OAuth is an authorization framework, not an authentication one. Please be careful to make the distinction. What we're looking at here is the need for an HTTP authentication system that (for example) doesn't send reusable credentials, is less susceptible to spoofing attacks, and so on. Barry
_______________________________________________ Ietf mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf
