Torsten, I came across your I-D when looking for a way to distinguish between different protected resources.
Just some remarks and questions: o In 3.1. I suppose your example request is missing the service_id, right? o 3.4. Replace server_id by service_id and you comply with the rest of the document. After all, your approach seems feasible but overly complicated to me. I wouldn't want different 'modes' in the protocol and think we should go the whole way by only offering the 'multiple tokens mode'. In single service environments one could simply define one single service but still use mechanisms capable of supporting multiple service. Don't you think? However I'm much in favor of the idea to support multiple PRs. If the others decide your I-D is the way to go - I'm fine with it. Regard, Christian _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
