On Mar 26, 2010, at 13:50 PM, Raffi Krikorian wrote: > if an application decides at a later date that they would like to use a > signature mechanism (or visa versa) they they should have an upgrade path > (otherwise they would have to deprecate their tokens and re-authorize their > users?)
Why is this not simply a new token request (rather than a change token from a to b)? Does the use case require changing the token without the user being present? In which case, i think you would be asking for a new security context without the users involvement, which might be an error, IMV. =peterd Peter Davis: Neustar, Inc. Sr. Director & Distinguished Member of the Technical Staff 45980 Center Oak Plaza Sterling, VA 20166 [T] +1 571 434 5516 [E] peter.da...@neustar.biz [W] http://www.neustar.biz/ [X] xri://@neustar*pdavis [X] xri://=peterd The information contained in this e-mail message is intended only for the use of the recipient(s) named above and may contain confidential and/or privileged information. If you are not the intended recipient you have received this e-mail message in error and any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately and delete the original message. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
