> I did find it amusing that the paper defines bearer token as a 'cryptographic > approach'. I guess no crypto is in its way an approach :-).
Well. It uses TLS as the underlying primitive. As such, it is a cryptographic mechanism. I know that we have different views about the pros & cons of the different approaches. Hence the past writeup about this aspect: http://tools.ietf.org/html/draft-tschofenig-oauth-signature-thoughts-00 _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
