Thanks Mike! Comments inline.
> Normative Issues
>
> 4.1, 4.2, 4.3.1, 5, 5.2, 5.3.1, 6.2, 6.2.1 "Scope" parameter should be paired
> with
> complimentary "resource" parameter
I am more inclined to drop 'scope' than to include 'resource'. Scope as
currently defined can easily accommodate resour
Thanks James.
This is my current text. Let me know if there are more issues.
EHL
---
6.2. The WWW-Authenticate Response Header Field
If the protected resource request does not include authentication
credentials, contains an invalid access token, or is malformed, the
resource server M
Eran,
> I will be publishing -11 this week no matter what shape the draft is in
> as it now includes many normative changes collected over the past few months.
You are probably still editing this text
(https://github.com/theRazorBlade/draft-ietf-oauth/blob/master/draft-ietf-oauth-v2.txt)
but he
This description of realm doesn't really fit into the OAuth model, as OAuth
challenges are not meant for end users, but for clients. The problem with realm
is that the existing experience (i.e. Basic) does not match OAuth. Realm does
not improve interop because we can't figure out how to use it
Forgot to reply to all...
-- Forwarded message --
From: John Kemp
Date: Wed, Nov 24, 2010 at 11:22 AM
Subject: Re: [OAUTH-WG] Dropping 'realm' parameter
To: Eran Hammer-Lahav
Hi Eran,
On Wed, Nov 24, 2010 at 2:57 AM, Eran Hammer-Lahav wrote:
> Over the past year we had consen
