On Sat, Dec 1, 2018 at 5:01 AM Torsten Lodderstedt <tors...@lodderstedt.net> wrote:
> > my proposal is to add the following definition (based on 3.8.1.2) to a new > „Terminology" section or to section 2.1.2: > > A sender constrained access token scopes the applicability of an access > token to a certain sender. This sender is > obliged to demonstrate knowledge of a certain secret as prerequisite for > the acceptance of that token at the recipient (e.g. a resource server). > I think that would be sufficient to avoid reading too much into "sender constrained" based on how it is used elsewhere. Thanks. -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
