>> I would be very unhappy if we equated access tokens with passwords.
>>
>> I agree with Dirk that "capability" is a more expressive phrase than either
>> "shared secret" or "password".
> Expressive to you and people well-versed in security theory. It means
> nothing to a casual reader. The token definition includes the term, but in
> this section, it is referring to how an access token is used, and it is used
> just like a password.

Definitely agree with Eran here. The term "capability" doesn't mean much to me in this circumstance, but "like a password" tells me exactly what I, as an implementer, can expect.

-- Justin

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth