YES!!!
Brian, could you please add this?
Igor
Brian Eaton wrote:
On Tue, Jul 13, 2010 at 1:40 PM, Igor Faynberg
<igor.faynb...@alcatel-lucent.com> wrote:
In this case, the term "capability" MUST be defined up front. The word
"capability" seems to carry a much broader meaning than password...
It has a standard definition we can reference. From
http://www.ietf.org/rfc/rfc2828.txt
$ capability
(I) A token, usually an unforgeable data value (sometimes called a
"ticket") that gives the bearer or holder the right to access a
system resource. Possession of the token is accepted by a system
as proof that the holder has been authorized to access the
resource named or indicated by the token. (See: access control
list, credential, digital certificate.)
(C) This concept can be implemented as a digital certificate.
(See: attribute certificate.)
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
