Draft 10 switched from "Token" scheme in the authorization header to "OAuth". I'd rather we didn't reuse OAuth. 'OAuth2' would be great. "Token" is ugly as sin, but is better than "OAuth".
Spec section: http://tools.ietf.org/html/draft-ietf-oauth-v2-10#page-30 The problem with reusing "OAuth" is that there are existing implementations in the wild that have special behavior implemented for OAuth authorization headers. Since OAuth2 headers don't have the same semantics, we're going to break those implementations. We shouldn't reuse "OAuth" for the same reasons we shouldn't reuse "Negotiate", "NTLM", "Digest", or "Basic. Cheers, Brian _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
