In this case, the term "capability" MUST be defined up front. The word "capability" seems to carry a much broader meaning than password...

Igor

Brian Eaton wrote:
On Tue, Jul 13, 2010 at 1:06 PM, Blaine Cook <rom...@gmail.com> wrote:
Don't leak it, and treat it as though it were a
password", then we avoid having to explain (embarrassingly) that the
"capability" actually meant something like "password".

For the initiated, that's what "capability" means.

How about this language:

"Access tokens are bearer authentication tokens, such as passwords or
capabilities."

I'd encourage the use of the word "capability" because a lot of the
use cases that OAuth 2 enables over OAuth 1 involve using the token
like a capability, sharing it across multiple components to convey
authorization.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth