Re: [OAUTH-WG] Minutes from the OAuth Design Team Conference Call - 11th February 2013

2013-02-16 Thread zhou . sujing
Who has a rather detailed description about the three key distribution mechanisms? Please tell me if I am wrong in understanding them only from the ppt and previous mac and hotk document: 1. The key distribution means AS distributing a short-term-key to client and RS; 2. AS and RS has

Re: [OAUTH-WG] Registration: Client secret rotation

2013-02-16 Thread Nat Sakimura
Sounds reasonable. # just started to catch up with the emails of past 6 days... 2013/2/13 Mike Jones michael.jo...@microsoft.com: +1 From: John Bradley Sent: 2/12/2013 8:20 AM To: Justin Richer Cc: Mike Jones; oauth@ietf.org Subject: Re: [OAUTH-WG]

Re: [OAUTH-WG] Registration: Endpoint Definition ( operation parameter)

2013-02-16 Thread Nat Sakimura
+1 2013/2/13 Torsten Lodderstedt tors...@lodderstedt.net: On 12.02.2013 at 15:57, Justin Richer jric...@mitre.org wrote: I think that's a very important difference. I fully agree.

Re: [OAUTH-WG] Registration: RESTful client lifecycle management

2013-02-16 Thread Nat Sakimura
When sending an update, a client MUST send all metadata fields returned from the server in its initial registration or previous read or update call, including its client_id. A server MAY replace any missing or invalid fields with default values, or it MAY return an error as described in the

Re: [OAUTH-WG] Registration: RESTful client lifecycle management

2013-02-16 Thread Mike Jones
I agree. If we have it at all, DELETE should be a declaration by the Client that requests by it should no longer be honored. It should be up to the Server whether to implement this as suspension or deletion. At most, I believe it should be an optional operation, which MAY be supported.