Thanks Mark. > -----Original Message----- > From: Mark Mcgloin [mailto:mark.mcgl...@ie.ibm.com] > Sent: Wednesday, September 29, 2010 8:28 AM
> I think acquiring and using a token can be considered core as you always > need both. I don't have valid security consideration linkage between > acquiring and using the token to back up my assertion that it may confuse > developers if we separate them (yet) Just to be clear, the 'core' designation is completely virtual. No specification will say 'core' in it or position itself as more authoritative than others. OAuth is already a modular protocol with its different profiles and use cases. We have been using this term to talk about the primary document, but with this proposal it is no longer a useful term. I think that positioning the OAuth name as the 'protocol for exchanging one set of credentials for an access token via HTTP' is useful. What happens next is not always strictly OAuth. This is especially true when the token is used with new or existing schemes that are outside the scope of this working group. EHL _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
