EHL
*From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On
Behalf Of* Marco De Nadai
*Sent:* Sunday, October 30, 2011 9:44 AM
*To:* oauth@ietf.org
*Subject:* [OAUTH-WG] Security Considerations - Access Tokens
Hi all,
I've recently noticed that in OAuth 2.0 draft 22, in the se
f Of Marco
De Nadai
Sent: Sunday, October 30, 2011 9:44 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Security Considerations - Access Tokens
Hi all,
I've recently noticed that in OAuth 2.0 draft 22, in the section 10.3 there is
this statement:
Access token (as well as any access token type-spe
er lifespan of the token.
>
> --
> *From:* Dan Taflin
> *To:* Marco De Nadai ; "oauth@ietf.org" <
> oauth@ietf.org>
> *Sent:* Monday, October 31, 2011 8:54 AM
> *Subject:* Re: [OAUTH-WG] Security Considerations - Access Tokens
>
> To be consist
"
Sent: Monday, October 31, 2011 8:54 AM
Subject: Re: [OAUTH-WG] Security Considerations - Access Tokens
To be consistent, section 10.3 should probably specify that the requirement of
confidentiality in transit applies specifically to BEARER tokens.
I would like to see this relaxed further
l
> an analogous role.
>
> Dan
>
> *From:* Marco De Nadai [mailto:denad...@gmail.com]
> *Sent:* Sunday, October 30, 2011 9:44 AM
> *To:* oauth@ietf.org
> *Subject:* [OAUTH-WG] Security Considerations - Access Tokens
>
t; it seems
reasonable to allow the same option for bearer tokens, which fulfill an
analogous role.
Dan
From: Marco De Nadai [mailto:denad...@gmail.com]
Sent: Sunday, October 30, 2011 9:44 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Security Considerations - Access Tokens
Hi all,
I've recent
Hi all,
I've recently noticed that in OAuth 2.0 draft 22, in the section 10.3 there
is this statement:
Access token (as well as any access token type-specific attributes) MUST be
kept confidential in transit and storage, and only shared among the
authorization server, the resource servers the acce