[OAUTH-WG] Security Considerations - Access Tokens

2011-10-30 Thread Marco De Nadai
Hi all, I've recently noticed that in OAuth 2.0 draft 22, in section 10.3, there is this statement: Access token (as well as any access token type-specific attributes) MUST be kept confidential in transit and storage, and only shared among the authorization server, the resource servers the acce

Re: [OAUTH-WG] Publication requested for draft-ietf-oauth-v2-bearer-12

2011-10-30 Thread Stephen Farrell
Hi Hannes, Just looking at this now. The tracker [1] WG state shows revised ID needed - was that prior to the publication request or as a result of the comments on the list since you sent me this? If the former, I'll do my AD review now, if the latter then I guess I should wait and review a -13.