Re: [OAUTH-WG] OX needs Dynamic Registration: please don't remove!

+1 Dyn reg should fit into the OAuth system as it is now, which uses client ids and secrets. A (probably) improved OAuth is a completely different topic. Let's handle it separately. John Bradley schrieb: >Yes a bearer token that is signed and or encrypted by the AS reduces >the amount of s

[OAUTH-WG] POST to Authorization Endpoint

http://tools.ietf.org/html/rfc6749#section-3.1 says: The authorization server MUST support the use of the HTTP "GET" method [RFC2616] for the authorization endpoint and MAY support the use of the "POST" method as well. Unfortunately, it's missing a

Re: [OAUTH-WG] OX needs Dynamic Registration: please don't remove!

This is not new contention, look back in the mailing list, been going on for quite a while. So far I have only seen 2 replies for implementations. The idea is to get things right. -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eve Maler Sent

Re: [OAUTH-WG] OX needs Dynamic Registration: please don't remove!

I believe it is rare for RFC to move beyond the stage RFC 6749 is currently at so It is to most peoples minds finished. I am not against doing future things to improve the spec. I just suspect that opening that can of worms again will take time. John B. On 2013-08-15, at 4:23 PM, Phil Hunt w

Re: [OAUTH-WG] OX needs Dynamic Registration: please don't remove!

Yes a bearer token that is signed and or encrypted by the AS reduces the amount of state required for the AS to maintain. In RFC 6749 there is information about the client that is tied to the client_id, and is required at the authorization endpoint. (eg redirect_uri) I understand the goal of r