Here are my notes. Participants:
* John Bradley * Derek Atkins * Phil Hunt * Prateek Mishra * George Fletcher * Bill Mills * Hannes Tschofenig Notes: We discussed the slides available at http://www.tschofenig.priv.at/OAuth2-Security-4Feb2013.ppt, which contained a summary of the earlier discussion to determine where we have a common view and where not. The entire meeting time was spent to discuss whether a solution at the HTTP layer or at the JSON level would be preferred. The view of the participants on this call indicated a preference for a solution at the HTTP level. The discussion about what HTTP elements should be covered by the keyed message digest indicated a preference for a flexible approach, similar to DKIM, where the list of included headers is carried in the message itself. The next conference call will take place Monday, 11th Feb. 2013. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
