Hi all,
I just posted a new revision of the proposed text for the core draft's
security considerations section
(http://tools.ietf.org/html/draft-lodderstedt-oauth-securityconsiderations-02).
The text makes some strong statements wrt client secrets/authentication,
HTTPS, refresh tokens and other topics. This is to facilitate a clear
and understandable specification while also considering (and supporting)
_all_ relevant use cases (e.g. native apps).
Since this is the last major building block of the draft, we would like
to include this text as soon as possible.
So please give your feedback soon!
thanks in advance,
Torsten.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
