What seems to be missing in the discussion and the security considerations of the spec is a decent list of general and grant-type-specific security implications/pros/cons for the system if meaningful client authentication at the token endpoint is available or not available.
What about this? http://tools.ietf.org/html/draft-lodderstedt-oauth-security-01
regards, Torsten.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
