That is an implementation detail. I am not sure how helpful it would be to have a security consideration section about limiting the number of allowed token exchange requests for a single request token.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Hubert Le Van Gong > Sent: Tuesday, May 12, 2009 3:26 AM > To: [email protected] > Subject: [oauth] Re: Request for new Security Considerations text > > > If I remember correctly, we also talked of recommending or mandating > one-time request tokens. > > Hubert > > > On Wed, May 6, 2009 at 10:43 PM, Eran Hammer-Lahav > <[email protected]> wrote: > > > > We have identified a few new attack vectors since the spec was > originally written and would like to address them in the Security > Consideration section. Please reply with proposals for such texts. > Ideally we can reach some consensus on these by Fri, but if not, we can > add it a bit later since it doesn't affect the protocol directly. > > > > EHL > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
