Re: [OAUTH-WG] treatment of client_id for authentication and identification

the client_id parameter had been added to the token endpoint in -16. As far as I remember, the reason was to properly separate client identification and authentication in order to support further client authentication methods. quote from "http://www.ietf.org/mail-archive/web/oauth/current/msg

Re: [OAUTH-WG] treatment of client_id for authentication and identification

-16 was a failed attempt to accomplish this separation of authentication and identification. It didn't work. When working on –17 I had about 5 messages in my queue with questions and issues regarding the duplication of client identifier information between Basic and the parameter, the fact that

[OAUTH-WG] Fwd: SSL/TLS Performance Data

We had a discussion at the OAuth working group meeting about the worries people have with using TLS. Here is a relevant mail from a discussion around TCP crypt. Begin forwarded message: > From: Eric Rescorla > Date: July 28, 2011 10:53:00 AM EDT > To: tsv-a...@ietf.org > Subject: SSL/TLS Perf

Re: [OAUTH-WG] treatment of client_id for authentication and identification

I would be very much in favor of that addition/clarification. On Thu, Jul 28, 2011 at 9:20 AM, Eran Hammer-Lahav wrote: > > [...] and I can also add a short note that public clients may use > the client_id for the purpose of identification with the token endpoint. > EHL >

Re: [OAUTH-WG] treatment of client_id for authentication and identification

+1 Am 28.07.2011 15:10, schrieb Brian Campbell: I would be very much in favor of that addition/clarification. On Thu, Jul 28, 2011 at 9:20 AM, Eran Hammer-Lahav wrote: [...] and I can also add a short note that public clients may use the client_id for the purpose of identification with the to

Re: [OAUTH-WG] treatment of client_id for authentication and identification

Perfect. I'll make this change after the last call before sending this to IETF LC. EHL From: Torsten Lodderstedt mailto:tors...@lodderstedt.net>> Date: Thu, 28 Jul 2011 12:59:19 -0700 To: Brian Campbell mailto:bcampb...@pingidentity.com>> Cc: Eran Hammer-lahav mailto:e...@hueniverse.com>>, oau

[OAUTH-WG] draft-ietf-oauth-v2-bearer-08.txt WGLC comments

My working group last call comments on draft-ietf-oauth-v2-bearer-08.txt: 1. Mentioning that this is an HTTP authentication mechanism in the title and/or abstract would be useful to the wider IETF (& beyond) audience. Title: "The BEARER HTTP authentication mechanism for use with OAuth 2" Abstr

Re: [OAUTH-WG] OMA Liaison Has Arrived! [ was Re: Deutsche Telekom launched OAuth 2.0 support]

Hi Igor, At 10:39 PM 7/20/2011, Igor Faynberg wrote: the communication can emanate directly from them or IAB can appoint a liaison to OMA, who will convey future communications. But this is a procedural matter, and I am sure it Murray Kucherawy was appointed as liaison to the Open Mobile Al