We implement the second option in our SSO protocol.
Am 15.07.2010 um 01:02 schrieb Brian Eaton <bea...@google.com>: > On Wed, Jul 14, 2010 at 2:59 PM, Torsten Lodderstedt > <tors...@lodderstedt.net> wrote: >>> The second request (as you pointed out in your original mail) is >>> currently used to verify the client identity. Do you have a >>> suggestion for an alternate mechanism? >>> >> >> A digital signature over the authz request? Alternatively, the authz server >> could encrypt the authz response. > > Is anybody else implementing that model...? _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
