Is this really a MUST?

EHL


On 4/13/10 7:23 AM, "jbem...@zonnet.nl" <jbem...@zonnet.nl> wrote:

All,

I think the draft should explicitly state that the Authorization server
MUST use Cache-Control: no-store on all responses that contain tokens
or other sensitive information, since this is critical to the security
properties of the protocol.

Regards,
Jeroen
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
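
An added example, not part of the original thread or of any OAuth draft: a check that flags token-bearing responses lacking the `Cache-Control: no-store` directive proposed above. The field names in `SENSITIVE_FIELDS`, the function names and the sample responses are assumptions constructed for illustration.

```python
import json
from email.parser import Parser
from urllib.parse import parse_qs

# Assumption: body fields treated as sensitive; extend for your server.
SENSITIVE_FIELDS = {"access_token", "refresh_token"}

def cache_directives(headers):
    """Collect lower-cased Cache-Control directive names from all header lines."""
    names = set()
    for value in headers.get_all("Cache-Control", []):
        for part in value.split(","):
            name = part.strip().split("=", 1)[0].lower()
            if name:
                names.add(name)
    return names

def carries_token(headers, body):
    """True if a JSON or form-encoded body contains a sensitive field."""
    ctype = headers.get_content_type()
    if ctype == "application/json":
        try:
            data = json.loads(body)
        except ValueError:
            return False
        return isinstance(data, dict) and bool(SENSITIVE_FIELDS.intersection(data))
    if ctype == "application/x-www-form-urlencoded":
        return bool(SENSITIVE_FIELDS.intersection(parse_qs(body.strip())))
    return False

def audit_response(raw):
    """Classify a raw HTTP response: 'not-sensitive', 'ok' or 'cacheable-token'."""
    head, _, body = raw.partition("\r\n\r\n")
    header_block = head.partition("\r\n")[2]  # drop the status line
    headers = Parser().parsestr(header_block, headersonly=True)
    if not carries_token(headers, body):
        return "not-sensitive"
    return "ok" if "no-store" in cache_directives(headers) else "cacheable-token"

# Constructed sample responses (token values are placeholders).
JSON_BODY = '{"access_token": "EXAMPLE-TOKEN", "expires_in": 3600}'
CACHEABLE = ("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
             "Cache-Control: private, max-age=60\r\n\r\n" + JSON_BODY)
NO_STORE = ("HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\n"
            "Cache-Control: No-Store\r\n\r\n" + JSON_BODY)
FORM_NO_HEADER = ("HTTP/1.1 200 OK\r\nContent-Type: application/x-www-form-urlencoded"
                  "\r\n\r\naccess_token=EXAMPLE-TOKEN&expires_in=3600")

if __name__ == "__main__":
    for name, raw in [("cacheable", CACHEABLE), ("no-store", NO_STORE), ("form", FORM_NO_HEADER)]:
        print(name, audit_response(raw))
```

Note that `private` and `max-age` still permit storage by the user agent's cache, which is why the check looks for `no-store` specifically.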
