Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6. I don't understand

2011-05-22 Thread Eran Hammer-Lahav
You need to be more specific about what is confusing you. V2-16 7.1 is just an example. For using MAC you need to refer to the MAC spec. How you generate your access token string is an internal detail but your use of the authorization code in the algorithm is odd, IMO. The MAC is calculated

Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6. I don't understand

2011-05-22 Thread denadai2
Ok thank you. I will be more specific: 1- Client - Authorization server. (via TLS) I build the authorization request with response_type = code, client_id, redirect_uri. 2- Authorization server - Client. (without TLS) I grant access with an authorization code generated (for example) with

[OAUTH-WG] See everyone in the morning

2011-05-22 Thread David Recordon
If you're planning to attend in person then you'll want to head to 1050 Page Mill Road in Palo Alto. There's a bunch of parking behind the building so feel free to park anywhere in that lot. You'll then want to head to the lobby of building 1 which is the largest; the lobby is on the Page Mill

Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft 6. I don't understand

2011-05-22 Thread Eran Hammer-Lahav
From: denadai2 denad...@gmail.com Date: Sun, 22 May 2011 08:27:41 -0700 To: Eran Hammer-lahav e...@hueniverse.com Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth 2.0-16 + mactoken draft

[OAUTH-WG] draft 16 review notes

2011-05-22 Thread Brian Eaton
I just read over the whole of the draft for the first time in a while. I looked it over mostly for a) places where spec and reality were going to have trouble intersecting and b) places where security advice would be useful and c) grammer and speling, because I notices things like that

[OAUTH-WG] security considerations - authorization tokens

2011-05-22 Thread Brian Eaton
As I said in the other note, after reading through the security considerations section a couple of times, I think it could benefit from a different organization. Specifically - keep the introduction, it’s awesome. - write new sections for each of the following 1) Authorization Tokens 2)

[OAUTH-WG] Draft 16 comment

2011-05-22 Thread Shane B Weeden
First, I'd like to add my support for Brian Eaton's comments on Draft 16. They actually helped clarify the comment I have below. I found section 9 to be in contradiction to a part of section 6. In particular in section 9: Native applications SHOULD use the authorization code grant type

Re: [OAUTH-WG] draft 16 review notes

2011-05-22 Thread Mike Jones
It would be great if you could do a similarly detailed read of the bearer token spec as well! -- Mike Sent from my Windows Phone -Original Message- From: Brian Eaton Sent: Sunday, May 22, 2011 8:39 PM To: oauth@ietf.org Subject: [OAUTH-WG] draft 16 review notes I just read over the