> -----Original Message-----
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Torsten Lodderstedt
> Sent: Wednesday, July 20, 2011 2:15 PM

> "The authorization server redirects the user-agent to the
>     client's redirection URI previously established with the
>     authorization server during the client registration process."
> 
> Conflicts with section 3.1.2.3, which allows passing a redirect_uri via URI
> query parameter.

Added 'or when initiating the authorization request'
 
> 3.1.2.1 Endpoint Confidentiality
> 
> What does "endpoint" confidentiality mean? Which endpoint does this text
> refer to? The client's redirect_uri endpoint?

This is a sub-section of the Redirection URI endpoint.

> 3.1.2.5. Endpoint Content
> 
> As this section discusses security aspects of the client's implementation of
> the redirect_uri page, shouldn't this go to the security considerations
> section?

I think it is important enough to appear earlier. It is part of my effort to 
integrate concrete normative language from the security sections up to the 
protocol sections.

EHL


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
