Hi all,
I noticed room for a correction in Appendix E, which currently says:
   o  Access token retention -- in OAuth 2.0, the access token is sent
      with each request to the RS. In this framework, the RS must be
      able to store these tokens for later use. See Section 5.10.1
      <https://datatracker.ietf.org/doc/html/draft-ietf-ace-oauth-authz-41#section-5.10.1>.
It is not correct to say that OAuth requires every request to contain the
access token.
I have corrected this statement with this PR here:
https://github.com/ace-wg/ace-oauth/pull/195
Ciao
Hannes
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace