It would seem to me that the purpose of this specification should be
to reduce the amount of work implementers have to do, in order to
actually have functioning interoperable systems. Otherwise, why even
bother with any of this, and why not simply have each server hand out an
SDK? It seems to me that you want THIS document to specify as MUCH as
possible, so that server documentation can specify as LITTLE as
necessary to get things working. Otherwise library implementations
become complex and implementations become error-prone, which in this
case means prone to security problems.
This to me means that Section 3.2 needs rewording.
Eliot
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth