On Sat, Jul 10, 2010 at 8:03 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > I think authorization credential is going to confuse most readers. The spec > refers to credentials almost exclusively when dealing with identifier and > password (client, end-user), or as a general term for client authentication. > Authorization is specific to the end-user authorization endpoint and will be > confusing when used with assertions and other grant types.
This doesn't hold water. "authorization credential" is consistent with existing practice and definition: http://www.ietf.org/rfc/rfc2828.txt $ credential(s) (I) Data that is transferred or presented to establish either a claimed identity or the authorizations of a system entity. (See: authentication information, capability, ticket.) > Note that since this term impacts the name of the current 'grant_type' > parameter, changing it means code changes. Given the number of bugs in the -09 spec, I don't think this matters. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
