On Thu, Jul 7, 2011 at 10:49 AM, Anthony Nadalin <tony...@microsoft.com>wrote:
> When we constructed the current structure in Prague we thought that > structure best fit the needs of a implementer, so my preference would be to > keep it as it is now but, Torsten / Mark / Phil also may have feedback. > Really? The current doc has *no guidelines* on how to implement authorization tokens whatsoever. So even if you like the current organization of the security considerations, I suspect you'll agree it would make sense to offer some guidance on how these tokens ought to be implemented.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
