Re: [OAUTH-WG] Client Credentials and Refresh Tokens

2011-06-03 Thread Brian Eaton
Agreed, it's nuts to return a refresh token for that flow. Eran, why is this still in the spec?  You agreed to remove it almost a year ago. It's come up multiple times since then. http://www.ietf.org/mail-archive/web/oauth/current/msg03651.html Cheers, Brian On Fri, Jun 3, 2011 at 9:45 AM, Mar

Re: [OAUTH-WG] Client Credentials and Refresh Tokens

2011-06-03 Thread Marius Scurtescu
On Thu, Jun 2, 2011 at 11:05 PM, Shane B Weeden wrote: > Would anyone care to explain what the value of a refresh token is for peer > to peer applications utilizing the client_credentials grant type,  or > validate if my explanation is the intended use case? Are you asking why would an authorizat

Re: [OAUTH-WG] Text for Native Applications

2011-06-03 Thread William J. Mills
+1 From: Torsten Lodderstedt To: Skylar Woodward ; Dave Nelson Cc: "oauth@ietf.org" Sent: Friday, June 3, 2011 1:58 AM Subject: Re: [OAUTH-WG] Text for Native Applications +1 Skylar Woodward schrieb: This may be true for a "secret" of sorts in some appl

Re: [OAUTH-WG] OAuth Interim Meeting: Polished Meeting Notes

2011-06-03 Thread Doug Tangren
Thanks for posting this Hannes -Doug Tangren http://lessis.me On Fri, Jun 3, 2011 at 8:45 AM, Hannes Tschofenig wrote: > Bill Mills (post-processi ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] OAuth Interim Meeting: Polished Meeting Notes

2011-06-03 Thread Hannes Tschofenig
Meeting Minutes, OAuth Interim Meeting, 23rd May 2011 = Scribe: Bill Mills (post-processing by Hannes Tschofenig) Participants: ** in person ** - Hannes Tschofenig - Jonas Hogberg - Bill Mills - Marius Scurtescu - Andrew Wansley - Breno de

Re: [OAUTH-WG] [apps-discuss] HTTP MAC Authentication Scheme

2011-06-03 Thread Stephen Farrell
Hi Dave, On 02/06/11 22:16, Dave CROCKER wrote: > Stephen, > > On 6/1/2011 5:16 AM, Stephen Farrell wrote: >> Just on DOSETA - that's not currently got any official >> home in the IETF so its not something that would be right >> to reference at this point (unless the oauth WG wanted to >> adopt

Re: [OAUTH-WG] Text for Native Applications

2011-06-03 Thread Torsten Lodderstedt
+1 Skylar Woodward schrieb: This may be true for a "secret" of sorts in some applications, but not for the client_credential in OAuth. The client secret is the only element that can secure the identity of the app and if it is compromised then so is the ability of the app to assert its ident

Re: [OAUTH-WG] Text for Native Applications

2011-06-03 Thread Skylar Woodward
This may be true for a "secret" of sorts in some applications, but not for the client_credential in OAuth. The client secret is the only element that can secure the identity of the app and if it is compromised then so is the ability of the app to assert its identity. There's no way a software pr