Torsten Lodderstedt wrote:
....
The WRAP refresh token only needs to be accessible to a limited number
of systems. So you can use that to improve the client-side security.
There are WRAP profiles that leverage existing trust relationships to
eliminate the need for refresh tokens entirely.
Is this the point where OpenID and OAuth converge?
I am completely missing the relation to OpenID here... What is it?
Igor
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
