Eran,
Excellent write-up. Couple of quick points:
a) Instead of another easy-to-read specification document
of some kind, might be easier to write an OAuth Primer (similar to what
W3C does). The document can have a section on Lessons learned from
implementations. Naturally
a) Instead of another easy-to-read specification document
of some kind, might be easier to write an OAuth Primer (similar to what
W3C does). The document can have a section on Lessons learned from
implementations. Naturally all of these will get folded into the RFC.
The spec