the client_id parameter had been added to the token endpoint in -16. As
far as I remember, the reason was to properly separate client
identification and authentication in order to support further client
authentication methods.
quote from
"http://www.ietf.org/mail-archive/web/oauth/current/msg
-16 was a failed attempt to accomplish this separation of authentication and
identification. It didn't work. When working on –17 I had about 5 messages in
my queue with questions and issues regarding the duplication of client
identifier information between Basic and the parameter, the fact that
We had a discussion at the OAuth working group meeting about the worries people
have with using TLS.
Here is a relevant mail from a discussion around TCP crypt.
Begin forwarded message:
> From: Eric Rescorla
> Date: July 28, 2011 10:53:00 AM EDT
> To: tsv-a...@ietf.org
> Subject: SSL/TLS Perf
I would be very much in favor of that addition/clarification.
On Thu, Jul 28, 2011 at 9:20 AM, Eran Hammer-Lahav wrote:
>
> [...] and I can also add a short note that public clients may use
> the client_id for the purpose of identification with the token endpoint.
> EHL
>
+1
Am 28.07.2011 15:10, schrieb Brian Campbell:
I would be very much in favor of that addition/clarification.
On Thu, Jul 28, 2011 at 9:20 AM, Eran Hammer-Lahav wrote:
[...] and I can also add a short note that public clients may use
the client_id for the purpose of identification with the to
Perfect. I'll make this change after the last call before sending this to IETF
LC.
EHL
From: Torsten Lodderstedt
mailto:tors...@lodderstedt.net>>
Date: Thu, 28 Jul 2011 12:59:19 -0700
To: Brian Campbell
mailto:bcampb...@pingidentity.com>>
Cc: Eran Hammer-lahav mailto:e...@hueniverse.com>>, oau
My working group last call comments on draft-ietf-oauth-v2-bearer-08.txt:
1. Mentioning that this is an HTTP authentication mechanism in the title and/or
abstract would be useful to the wider IETF (& beyond) audience.
Title:
"The BEARER HTTP authentication mechanism for use with OAuth 2"
Abstr
Hi Igor,
At 10:39 PM 7/20/2011, Igor Faynberg wrote:
the communication can emanate directly from them or IAB can
appoint a liaison to OMA, who will convey future
communications. But this is a procedural matter, and I am sure it
Murray Kucherawy was appointed as liaison to the Open Mobile Al