-----Original Message----- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Torsten Lodderstedt Sent: Tuesday, August 24, 2010 3:42 PM
> p.11 What is the meaning of "... the authentication of the client is based on > the user-agent's same-origin policy." ? As far as I know, this policy > restricts the hosts the JavaScript client is allowed to interact with. How > does this "feature" authenticate the client on the authorization server? This line came from Brian. > Examples and client authentication: Since BASIC authentication is the default > mechanisms for client authentication, I would suggest to use it in all > examples. This is a political compromise... the examples reflect what the majority consider the common case (using parameters), but the normative text reflects the ideal method. I don't care either way, but I fear that changing the examples will confuse developer using the majority of web services today which focus more on the parameters alternative. EHL _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth