A disadvantage of this method is that it cannot be used in the case where concrete resource uri is unknown to the client until the user gives permission.
Right, this is a different use case. That’s why we need a use-case driven Requirement document to start with. Nat From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of John Bradley Sent: Wednesday, March 16, 2016 2:57 AM To: Brian Campbell <bcampb...@pingidentity.com> Cc: <oauth@ietf.org> <oauth@ietf.org> Subject: Re: [OAUTH-WG] New Version Notification for draft-hunt-oauth-bound-config-00.txt (..snip..) The advantage of always sending it in the token request is that it allows the AS to do the mapping from a resource URI to one or more abstract audience for the token. That might help address George’s concern. John B. -- PLEASE READ :This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth