One nit: I think the terminology 'mixed binding' conveys the opposite of what is intended. Mixed or mis-binding is an accurate description of possible errors with an early binding strategy. I suggest 'full binding' instead.
On May 12, 2009 7:27 AM, "Eran Hammer-Lahav" <[email protected]> wrote: That is an implementation detail. I am not sure how helpful it would be to have a security consideration section about limiting the number of allowed token exchange requests for a single request token. EHL > -----Original Message----- > From: [email protected] [mailto: [email protected]] On... > Of Hubert Le Van Gong > Sent: Tuesday, May 12, 2009 3:26 AM > To: [email protected] > Subject... > If I remember correctly, we also talked of recommending or mandating > one-time request tokens. > ... --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
