Can you point to the specific text you are talking about? EHL
From: [email protected] [mailto:[email protected]] On Behalf Of Breno Sent: Tuesday, May 12, 2009 8:21 AM To: [email protected] Subject: [oauth] Re: Request for new Security Considerations text One nit: I think the terminology 'mixed binding' conveys the opposite of what is intended. Mixed or mis-binding is an accurate description of possible errors with an early binding strategy. I suggest 'full binding' instead. On May 12, 2009 7:27 AM, "Eran Hammer-Lahav" <[email protected]<mailto:[email protected]>> wrote: That is an implementation detail. I am not sure how helpful it would be to have a security consideration section about limiting the number of allowed token exchange requests for a single request token. EHL > -----Original Message----- > From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On... > Of Hubert Le Van Gong > Sent: Tuesday, May 12, 2009 3:26 AM > To: > [email protected]<mailto:[email protected]> > Subject... > If I remember correctly, we also talked of recommending or mandating > > one-time request tokens. > ... --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
