I think it would be best to publish -16 immediately with this text, mark it as pending consensus, and continue with a single document. This will make it easier for new readers as well as for everyone else.
I will push it out in a couple of hours. EHL > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Torsten Lodderstedt > Sent: Thursday, April 07, 2011 12:27 AM > To: OAuth WG > Subject: [OAUTH-WG] Security Considerations Section Proposal -02 > > Hi all, > > I just posted a new revision of the proposed text for the core draft's > security > considerations section (http://tools.ietf.org/html/draft-lodderstedt-oauth- > securityconsiderations-02). > > The text makes some strong statements wrt client secrets/authentication, > HTTPS, refresh tokens and other topics. This is to facilitate a clear and > understandable specification while also considering (and supporting) _all_ > relevant use cases (e.g. native apps). > > Since this is the last major building block of the draft, we would like to > include > this text as soon as possible. > > So please give your feedback soon! > > thanks in advance, > Torsten. > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
