Re: [OAUTH-WG] Removal: HTTP Basic Authentication for Client Credentials

2011-01-18 Thread Marius Scurtescu
>> some will not deploy Basic. >> >> EHL >> >> >>> >>> -Original Message- >>> From: Anthony Nadalin [mailto:tony...@microsoft.com] >>> Sent: Tuesday, January 18, 2011 9:28 AM >>> To: Richer, Justin P.; Eran Hammer-Laha

Re: [OAUTH-WG] Removal: HTTP Basic Authentication for Client Credentials

2011-01-18 Thread Igor Faynberg
tin P.; OAuth WG Subject: RE: [OAUTH-WG] Removal: HTTP Basic Authentication for Client Credentials So does requiring the parameter-based approach which has identical security properties. We need to require at least one, and we already know some will not deploy Basic. EHL -Original Me

Re: [OAUTH-WG] Removal: HTTP Basic Authentication for Client Credentials

2011-01-18 Thread Anthony Nadalin
mailto:tony...@microsoft.com] > Sent: Tuesday, January 18, 2011 9:28 AM > To: Richer, Justin P.; Eran Hammer-Lahav; OAuth WG > Subject: RE: [OAUTH-WG] Removal: HTTP Basic Authentication for Client > Credentials > > Concern here is that HTTP Basic Auth provides a straightforward

Re: [OAUTH-WG] Removal: HTTP Basic Authentication for Client Credentials

2011-01-18 Thread Eran Hammer-Lahav
8, 2011 9:28 AM > To: Richer, Justin P.; Eran Hammer-Lahav; OAuth WG > Subject: RE: [OAUTH-WG] Removal: HTTP Basic Authentication for Client > Credentials > > Concern here is that HTTP Basic Auth provides a straightforward interop > profile for the web server profile > >

Re: [OAUTH-WG] Removal: HTTP Basic Authentication for Client Credentials

2011-01-18 Thread Anthony Nadalin
WG Subject: Re: [OAUTH-WG] Removal: HTTP Basic Authentication for Client Credentials +1 to making BASIC optional. I don't think we were going to be supporting it in general, either. -- Justin From: oauth-boun...@ietf.org [oauth-boun...@ietf.org] On B

Re: [OAUTH-WG] Removal: HTTP Basic Authentication for Client Credentials

2011-01-17 Thread Richer, Justin P.
53 AM To: OAuth WG Subject: [OAUTH-WG] Removal: HTTP Basic Authentication for Client Credentials OAuth 2.0 provides two methods for client authentication using password credentials: request parameters and HTTP Basic authentication. I suggest we drop the requirement to support HTTP Basic authentic

[OAUTH-WG] Removal: HTTP Basic Authentication for Client Credentials

2011-01-14 Thread Eran Hammer-Lahav
OAuth 2.0 provides two methods for client authentication using password credentials: request parameters and HTTP Basic authentication. I suggest we drop the requirement to support HTTP Basic authentication, and only mention it as an example for alternative methods. My reasons are: 1. A f