James, On Mon, May 31, 2010 at 10:17 AM, Manger, James H < james.h.man...@team.telstra.com> wrote:
> Nat, > > > All the request parameters MUST be provided through request file. > > "All" doesn't make much sense if params can still appear in the URI, and > override the file. > What about this: Request parameters SHOULD be provided through request file. > > > The "request_url" MUST be provided in the URL. > > This isn't really a "MUST", its just indicates if you are using this > feature (this "flow"). > It is a MUST. Without it, you just cannot obtain other required parameters. > > Would be good to say "A request_url param MUST NOT be provided in a request > file". Probably good to add "A request file MUST be rejected if it includes > a request_url param". > request_url param MAY be provided in a request file. It is just its identifier. It probably is best to be there. > > > I am still not sure if "type" MUST be provided in the URL. > > Conceptually, it need not be there. It depends on how implementors feel. > > > Any other parameters MAY be provided in the URL to override what is in > the request_file, > > I agree. > > > but the URL total length MUST NOT exceed 512 bytes. > > That is reasonable. > > -- > James Manger > -- Nat Sakimura (=nat) http://www.sakimura.org/en/ http://twitter.com/_nat_en
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
