On 12/01/2011 05:23 PM, Stephen Farrell wrote:
E.g. MAC tokens work well for non-TLS protected resources. Bearer tokens in
contrast are easier to use, but require TLS protected service to avoid
theft-of-credential.
So picking is a nuisance sure. But it helps interop.
This smacks of truth by blatant assertion. If something is required to
be implemented but is unused -- which will happen if the profile
chosen by the SDK doesn't need the required one -- you're not going
to get better interoperability, you're just going to get untested code.
I don't see what the big deal is about saying that discovery, etc, is
for a -bis release of this PS. That would take care of your problem of
reaching back into this PS to change just this part. And what are the
chances of not having a recycle anyway with any well-deployed PS?
Zero?
|We disagree about that I guess. To me it seems a peculiar way to go
|unless one assumes that coders write code that's specific to a specific
|service provider.
But that is exactly what's happening in the field.
Mike
Mike
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
