On Thu, Jan 6, 2011 at 9:16 AM, Francisco Corella wrote:
> Mike,
>
> Thank you very much for sending the links to the artifact binding home page
> and spec. I've had a quick look, and maybe I'm missing something, but it
> seems that this completely ignores the problem of authenticating the relyin
On Thu, Jan 6, 2011 at 9:16 AM, Francisco Corella wrote:
> Mike,
>
> Thank you very much for sending the links to the artifact binding home page
> and spec. I've had a quick look, and maybe I'm missing something, but it
> seems that this completely ignores the problem of authenticating the relyin
One more issue:, section 3 states:
"...the authorization server
issues an access token response as described in Section 4.2 of
[I-D.ietf.oauth-v2]. The new access token SHOULD have the same
expiration and scope as the OAuth 1.0 token which the client is
upgrading."
First, only access tokens are
On Wed, Jan 12, 2011 at 4:31 PM, Torsten Lodderstedt
wrote:
> Am 12.01.2011 22:19, schrieb Richer, Justin P.:
>>
>> Yes, let the server do the work. In practice, it's going to be looking up
>> the token based on the token value anyway (for bearer tokens, at least). All
>> the client really cares a
