Note that I hope/plan to do an actual review again (it's been awhile) for this WGCL but did want to jump in on one point below.
On Mon, Aug 11, 2025 at 3:01 PM Watson Ladd <[email protected]> wrote: > I have some concerns: > > - Requiring the requesting service to be in the Trust Domain of the > token seems backwards to me. Surely we want these tokens to cross > trust domains. > No, I believe transaction tokens are, and have been since their inception, appropriately scoped to be an "internal" construct for use within a single trust domain. -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
