On 6/2/11 8:38 PM, Brian Eaton wrote:
> On Thu, Jun 2, 2011 at 7:13 PM, Peter Saint-Andre <stpe...@stpeter.im> wrote:
>
> > I'm not thinking about your use case, but things like enterprise
> > deployments in high-security environments where every person and every
> > software application has a certificate or is otherwise provisioned for
> > authentication with the authorization server.
>
> I actually care quite a bit about that use case. =)

I'm happy to hear it. There are so many interesting use cases in the
world, aren't there? ;-)

> > However, I'm not saying we should change or add any text to the spec,
> > because the SHOULD allows such deployments to not issue tokens to
> > clients that are incapable of authenticating. So I don't particularly
> > see a reason to keep discussing the matter.
>
> OK, I understand the confusion now.
>
> I'm going to continue to push for the security considerations to be
> broken up more cleanly by use case, in part to avoid confusion like this.

Probably a good idea.

Peter

--
Peter Saint-Andre
https://stpeter.im/
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth