All but the last bit seems ok to me FWIW. I don't know what
an "additional transport-layer mechanism" might be.
I'd say just leave that bit out. TLS is already a MUST
implement.
S
On 12/09/2011 06:30 PM, Mike Jones wrote:
It looks to me like there is consensus for Barry's text (below). Agre
It looks to me like there is consensus for Barry's text (below). Agreed?
-- Mike
NEW
The authorization server MUST implement TLS. Which version(s) ought to be
implemented will vary over time, and depend on the widespr
I can work with Berry's text.
Another alternative is to:
* Require the server to implement at least one of Bearer and MAC, or provide
the client with a method for discovering or requesting a specific token type
(which is beyond the scope).
This way, until there is a discovery method, each serv
Hannes,
I don't see any proposed text here, I see re-chartering
suggestions. The latter is not going to happen if the
current main documents are wedged. Please focus on the
former now.
You know that I disagree with you and a number of WG
participants about this, so no need for me to repeat
myse
On 08/12/2011 14:18, Hannes Tschofenig wrote:
Hi all,
Hi Hannes,
Some random thoughts about your message below:
I read through this rather long mail thread again and see whether we are
reaching any conclusion on this discussion.
In turns out that there are actually two types of discussions tha
