Hi Chuck, Mike, Brian, and Yaron,
I reviewed the document as part of my shepherding role and I believe there is
still room for improvement with the document. I think the document suffers from
the problem that you essentially want to cover every possible use case in a
single document. So, let me
David,
David Recordon writes:
> Regardless of how we got here, just feels strange to have a
> strong recommendation against the way the protocol is actually being used. I
> completely understand that standards live on for well over eighteen months (or
> five years if we start with OAuth 1.0) but
And yet, the security properties of query parameters make them not ideal for
credentials. From a security perspective it is hard to justify recommending it.
>
> From: David Recordon
> To: Mark Nottingham; Eran Hammer; Mike Jones
> Cc: Julian Reschke; "oau
On 2012-05-24 09:02, Mike Jones wrote:
My recollection is that putting it in an appendix was explicitly rejected in
the threads discussing the DISCUSS issues and no one on those threads pushed
back afterwards, particularly after Dick's explanations of why it should stay.
(Why these DISCUSS di
Regardless of how we got here, just feels strange to have a
strong recommendation against the way the protocol is actually being used.
I completely understand that standards live on for well over eighteen
months (or five years if we start with OAuth 1.0) but this feels like we're
just going to end
My recollection is that putting it in an appendix was explicitly rejected in
the threads discussing the DISCUSS issues and no one on those threads pushed
back afterwards, particularly after Dick's explanations of why it should stay.
(Why these DISCUSS discussions don't include the full working