Re: [OAUTH-WG] Fwd: secdir review of draft-ietf-oauth-v2

I understand and thanks for clarifying. I agree that there may be services that do not want to support HTTP Basic at all for their authorization flows and that requiring it would weaken the security of OAuth 2.0 and prevent its usage by some applications. Still, the spec, to me, implies that autho

Re: [OAUTH-WG] Fwd: secdir review of draft-ietf-oauth-v2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2011 10:08 PM, Greg Brail wrote: > I understand and thanks for clarifying. I agree that there may be services > that do not want to support HTTP Basic at all for their authorization > flows and that requiring it would weaken the security of OA