The issue is that the service provider will likely only accept ONE token format in practice. The security requirements of the scenario dictate choice of Mac or bearer or for that matter any other new scheme.
An MTI would complicate the spec by implying a choice of tokens by the client because of the implication that the client has the right to select the MTI token format. Phil On 2011-11-02, at 13:31, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote: > > Agnostic sounds like a fine word. > > I'd need to have it demonstrated to me that it doesn't > mean non-interoperable in this case. > > S. > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
