> -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Manger, James H > Sent: Monday, June 13, 2011 6:11 PM
> There have been suggestions that the MAC calculation could/should cover > the key id. In that situation it is even more crucial that the id field isn't > just a > name referring to the real value elsewhere - as then the security changes > based on the syntax used to issue the credentials. What suggestions? We could not come up with any reason to include the key identifier in the normalized string. EHL _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
