Re: [OAUTH-WG] Mandatory-to-implement token type

2011-12-03 Thread Barry Leiba
Stephen says:
> On 12/02/2011 03:20 AM, Barry Leiba wrote:
>> Maybe what would work best is some text that suggests what I say
>> above: that toolkits intended for use in implementing OAuth services
>> in general... implement [X and/or Y], and that code written for a
>> specific environment impleme

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-threatmodel-01, ends 9 Dec 2011

2011-12-03 Thread Barry Leiba
> Working group last call begins today on the threat model document:
> http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-01
>
> Please review this version and post last call comments by 9 December.

Here's a reminder that we have about a week left for the working group last call on this, a

Re: [OAUTH-WG] Mandatory-to-implement token type

2011-12-03 Thread Mike Jones
I strongly object to a mandatory-to-implement clause for the MAC scheme. They are unnecessary and market forces have shown that implementers do not want or need this kind of an authentication scheme.

-- Mike

-Original Message-
From: oauth-boun...@ietf.or

Re: [OAUTH-WG] Mandatory-to-implement token type

2011-12-03 Thread John Bradley
I remain unconvinced that at this point MTI is going to be useful. I appreciate that some people want MAC, I could not support it being MTI. The below text with Bearer as MTI the only would be acceptable, if we need a MTI token handler. (I tend to think of token type, as bearer token type JWT/