It matters if we publish one main specification and then a bunch of extensions. 
It doesn't matter if we break the core specification into multiple functional 
parts, where using bearer tokens is also outside core. My concern is solely on 
the impression and education the specification provides. Putting bearer tokens 
in the core specification and signatures elsewhere creates a strong bias 
towards bearer tokens.

I want a fair and balanced document.

EHL

From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of 
Tschofenig, Hannes (NSN - FI/Espoo)
Sent: Monday, September 27, 2010 9:43 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Document Management Issue (Signatures)


Hi all

I wonder whether the question of "signature in the main specification or in a 
separate document" does not really matter. It is purely a matter of document 
management style.

The important question is whether there will be a **mandatory to implement** or 
**mandatory to use** someone in the document set. Mandatory to use is typically 
hard to enforce unless there is only one approach possible. This does not seem 
to be the case.

So, everything then boils down to the question: What is mandatory to implement? 
(in this specific case with regard to security)

Ciao
Hannes