Brian said:
> How do we reconcile "Bearer" with "Negotiate", "NTLM", "Basic", and
> "GoogleLogin"? All of those examples are widely deployed and use
> bearer tokens in Authorization headers. Should all of those switch to
> using the "Bearer" scheme as well?

"Basic" & "NTLM" are password schemes; "Negotiate" can be a password or Kerberos or other scheme (I think); "GoogleLogin" is a password scheme with an optional CAPTCHA. These aren't bearer token schemes so they should not (and cannot) switch to the "Bearer" scheme.

...

> Something like "Bearer" seems overly generic.
> Why do we think we are qualified to claim "Bearer" for our own?

By not defining it to be just our own, i.e. don't make the definition OAuth-specific.

--
James Manger