Re: [OAUTH-WG] OK to post OAuth Bearer draft 15?

2011-12-16 Thread S Moonesamy
At 18:13 14-12-2011, Mike Jones wrote: Any objections to posting the updated Bearer draft incorporating the results of the APPS Area review and the TLS requirements? Mark Nottingham followed up on his review [1]. If this working group considers that the concerns raised have been addressed, I

Re: [OAUTH-WG] SAML Bearer Spec 09 - Refresh Clarification

2011-12-16 Thread Brian Campbell
Hey Phil, Your understanding is pretty much in line with how I understand it. That text actually originates from earlier versions of the core spec (I think -09 [1] was the last sighting). And I carried it over when the grant_type got generalized and the assertion pieces moved into the SAML/OAuth dr

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-threatmodel-01, ends 9 Dec 2011

2011-12-16 Thread Michael Thomas
On 12/16/2011 03:02 AM, Mark Mcgloin wrote: Michael, I will review the comments from Phil where he suggests some changes in section 4.1.4 of the threat model. I am unclear exactly what you are proposing. If you want to propose a clearly worded revamp of that section in the next couple of days, I

Re: [OAUTH-WG] Phishing with Client Application Name Spoofing

2011-12-16 Thread Mark Mcgloin
Andre, You are right that the threat model does not cover this kind of issue related to client registration. Client registration is considered to be out of scope in the oauth spec but it is worth drawing developers' attention to this. I can add a threat entitled something like "Client Registration

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-threatmodel-01, ends 9 Dec 2011

2011-12-16 Thread Mark Mcgloin
Michael, I will review the comments from Phil where he suggests some changes in section 4.1.4 of the threat model. I am unclear exactly what you are proposing. If you want to propose a clearly worded revamp of that section in the next couple of days, I am willing to review and accept legitimate ch