Clients are always limited to what the server decides to support. If a server only supports 1.0a, the client has no other options. So as long as servers support both versions, clients will be able to use both versions... or am I missing something?
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Brian Eaton > Sent: Monday, May 04, 2009 11:12 AM > To: [email protected] > Subject: [oauth] Re: Security Fix Charter > > > On Mon, May 4, 2009 at 11:07 AM, Eran Hammer-Lahav > <[email protected]> wrote: > >> I think there should be a 6th charter item: allow consumers to > support > >> both the broken and the fixed protocols. > > > > You mean #4? > > I read #4 as "service providers", so long as it includes consumers I'm > good with it. > > >> This will require additional documentation updates at every service > >> provider and more fiddling for consumers. I know that it seems like > a > >> simple solution, but appearances are deceiving. Requiring new URLs > >> will be fairly painful and will slow deployment. > > > > I'd like to hear from more providers with deployed services. > > +1. > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
