I forgot to include the "token_type_hint" parameter in the baseline compare (i.e. revocation includes it as optional, introspection does not).
Todd Lainhart Rational software IBM Corporation 550 King Street, Littleton, MA 01460-1250 1-978-899-4705 2-276-4705 (T/L) [email protected] From: Todd W Lainhart/Lexington/IBM@IBMUS To: "IETF oauth WG" <[email protected]>, Date: 03/07/2013 10:17 AM Subject: [OAUTH-WG] draft-richer-oauth-introspection-03 Sent by: [email protected] Hi Justin - I'm comparing: http://tools.ietf.org/html/draft-richer-oauth-introspection-03 ...with: http://tools.ietf.org/html/draft-ietf-oauth-revocation-05 for symmetry. If that's appropriate, and if I use revocation as the baseline, I'm wondering why introspection supports GET in addition to POST, and doesn't require TLS (i.e. revocation only supports POST, and requires TLS). Todd Lainhart Rational software IBM Corporation 550 King Street, Littleton, MA 01460-1250 1-978-899-4705 2-276-4705 (T/L) [email protected] _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
