Responses to suggestions not adopted on draft 04 are inline below. Thanks for
your input.
-- Mike
-----Original Message-----
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Peter
Saint-Andre
Sent: Wednesday, March 23, 2011 11:11 AM
To: Hannes Tschofenig
Cc: OAuth WG
Subject: Re: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-bearer-03.txt
<hat type='AD'/>
> 8. What is the basis for defining "short-lived" a lifetime less than one
> hour? That's plenty of time in which to launch an attack.
Torsten or other working group members - can you comment on this question by
Peter? Is there a specific change that any of you would like to propose to
this text?
> 12. Regarding Section 4.3, I'll post separately about an OAuth Errors
> Registry, but if it's defined it would belong in the base spec, not here.
I've left this registry definition in the spec for the time being, since it has
not yet been incorporated into the framework specification.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
