Thanks Thomas - it's good to hear that it's on the right tracktook awhile
to get both understanding and agreement.
There was a good deal of debate on SHOULD vs MUST for client_id in section 5.1.
The argument for SHOULD was generally that there are use-cases where the
client_id provided as
This also moves the client_credentials authentication material out of the core
and into a core companion specification.
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Mike
Jones
Sent: Saturday, June 18, 2011 1:08 PM
To: Chuck Mortimore; oauth@ietf.org
Subject: Re: [OAU
Chuck,
This is a good draft. Real progress. I wish we had this draft before the WG
spent so much time in IETF-Prague arguing about the assertions text.
Just a short question. Section 5.1 states that the principal identity SHOULD
be the client_id (for the OAuth client):
Principal A uniqu
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Torsten Lodderstedt
> Sent: Friday, June 17, 2011 11:31 AM
> To: Shane B Weeden; Dave Nelson
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Client authentication requirement
>
> Shane B Weeden schrieb:
>
> >As I unde
