Eran Hammer-Lahav
> Cc: Tschofenig, Hannes (NSN - FI/Espoo); oauth@ietf.org
> Subject: Re: [OAUTH-WG] Hum about 'Removal: HTTP Basic Authentication
> for Client Credentials'
>
> On 2/3/2011 5:00 PM, Eran Hammer-Lahav wrote:
> > Yes. I think automatic registration an
On 2/3/2011 5:00 PM, Eran Hammer-Lahav wrote:
Yes. I think automatic registration and other mechanisms for discovery and
obtaining credentials are going to be extremely useful. We're just not there
yet.
This issue does not only need to be related to automatic registration.
With respect to st
t; Sent: Thursday, February 03, 2011 5:03 AM
> To: Eran Hammer-Lahav; Hannes Tschofenig; oauth@ietf.org
> Subject: RE: [OAUTH-WG] Hum about 'Removal: HTTP Basic Authentication
> for Client Credentials'
>
> > > The main question for me is: "What is mandatory to impl
> > The main question for me is: "What is mandatory to implement?"
>
> Nothing. The authorization server can support whatever client
> authentication methods it deems appropriate. *IF* client
> password credentials are supported, then the spec offers one
> way to provide them using parameters.
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Hannes Tschofenig
> Sent: Thursday, February 03, 2011 12:16 AM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] Hum about 'Removal: HTTP Basic Authentication for
> Clien
Hi all,
Eran suggested to remove the HTTP Basic Authentication functionality
from the specification in his mail from last month:
http://www.ietf.org/mail-archive/web/oauth/current/msg05028.html
Essentially, there are two ways to accomplish the same functionality,
namely (1) Request parameters
