Some may argue that MAC tokens are not necessarily more secure:)
Eran's solution may well be sufficient for MAC (I still think down scoping is
necessary if symmetric keys are used), however there are people using BEARER
who encode information into signed tokens.
Those people also use the im
There's a problem here, which I think Eran's proposal of differentiating with
scopes solves that should be made explicit, to wit, how does the client know
which token to use in a specific context. We have two options: one is to
specify different scopes, and the other is to use different token
On 2011-10-28 10:59, Julian Reschke wrote:
On 2011-10-28 01:30, Manger, James H wrote:
...
Perhaps a better approach is to: defined,,,
and values as; add text saying senders MUST
NOT use quoted-string's escape mechanism (so " and \ cannot appear in
the values), though receivers MAY use a standar
What if the access tokens come from different authoritative servers?
On Oct 26, 2011, at 9:15 AM, Eran Hammer-Lahav wrote:
> Why not just ask for one access token with all the scopes you need, then
> refresh it by asking for the different subsets you want.
>
> EHL
>
>> -Original Message---