On Tue, Jul 27, 2010 at 12:26 PM, Chuck Mortimore <cmortim...@salesforce.com> wrote:
> For both of these, we intend to enforce one time use; I suspect that type of
> state maintenance will get argued against by those running the large
> scale consumer systems...it's manageable for us given how our multi-tenancy
> is set up. I could see relaxing this to a should if people feel strongly.
> It would be good to see some arguments/use-cases along with the objections

There seem to be two potential arguments against it - the burden of tracking the state and the potential that it's unnecessarily restrictive. I don't personally see either as being a major issue but would like to hear from folks if they feel differently.

I could change the language from a MUST to a SHOULD or MAY to allow for more flexibility at deployment/development time? That would slightly increase the opportunity for interop problems but I don't think it's really much of a concern.

I don't really want to rely on the OneTimeUse condition for the reasons I mentioned previously as well as the fact that it seems to me to be a decision of the assertion consumer just as much as (or more than) it is of the assertion issuer.
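
The state tracking debated in this thread, as an added example (not part of the original messages or of any draft): a consumer-side replay cache that enforces one-time use regardless of whether the issuer set OneTimeUse. It assumes the cache is keyed on issuer plus SAML assertion ID and retained until NotOnOrAfter plus the allowed clock skew; the class name, in-memory store, and sample values are constructed for illustration.

```python
import time


class AssertionReplayCache:
    """Remembers (issuer, assertion ID) pairs until the assertion can no longer be valid."""

    def __init__(self, clock=time.time, max_skew=300):
        self._seen = {}            # (issuer, assertion_id) -> retention deadline (epoch seconds)
        self._clock = clock        # injectable so the behaviour can be tested
        self._max_skew = max_skew  # skew the validator tolerates on NotOnOrAfter

    def _prune(self, now):
        # State is bounded: entries are dropped once the assertion would be
        # rejected as expired anyway, so the cache never outgrows the validity window.
        for key in [k for k, deadline in self._seen.items() if deadline <= now]:
            del self._seen[key]

    def accept(self, issuer, assertion_id, not_on_or_after):
        """Return True only the first time a still-valid assertion is presented."""
        now = self._clock()
        self._prune(now)
        # Retain for validity + skew; retaining for less opens a replay window.
        deadline = not_on_or_after + self._max_skew
        if now >= deadline:
            return False           # expired: reject without storing anything
        key = (issuer, assertion_id)
        if key in self._seen:
            return False           # replay of an assertion already consumed
        self._seen[key] = deadline
        return True

    def size(self):
        return len(self._seen)


def demo():
    """Constructed scenario: one assertion replayed, then presented after expiry."""
    now = [1000.0]
    cache = AssertionReplayCache(clock=lambda: now[0], max_skew=60)
    results = [
        cache.accept("https://idp.example", "_a1", 1300),    # first use
        cache.accept("https://idp.example", "_a1", 1300),    # replay
        cache.accept("https://other.example", "_a1", 1300),  # same ID, other issuer
    ]
    now[0] = 1359.0  # past NotOnOrAfter but inside the skew allowance
    results.append(cache.accept("https://idp.example", "_a1", 1300))
    now[0] = 1360.0  # retention deadline reached: entries pruned, assertion expired
    results.append(cache.accept("https://idp.example", "_a1", 1300))
    return results, cache.size()
```

In a multi-node deployment the dictionary would be replaced by a shared store with an atomic insert-if-absent operation, which is the state maintenance cost the thread is weighing.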