The OAuth framework itself isn't particularly RESTful so it's not really
specific to token exchange. This document just makes mention of it in the
context of talking about the shift from XML/SOAP/WS* to JSON/HTTP as one of
the motivations for its existence.
There's nothing precluding sending addit
Hiya,
In section 1:
The STS
protocol defined in this specification is not itself RESTful (an STS
doesn't lend itself particularly well to a REST approach) but does
utilize communication patterns and data formats that should be
familiar to developers accustomed to working with RESTf
