I am not sure this is in any document. I have seen it being discussed as part of the security considerations.
On Tue, May 12, 2009 at 11:48 AM, Eran Hammer-Lahav <[email protected]> wrote: > Can you point to the specific text you are talking about? > > > > EHL > > > > From: [email protected] [mailto:[email protected]] On Behalf Of > Breno > Sent: Tuesday, May 12, 2009 8:21 AM > To: [email protected] > Subject: [oauth] Re: Request for new Security Considerations text > > > > One nit: I think the terminology 'mixed binding' conveys the opposite of > what is intended. Mixed or mis-binding is an accurate description of > possible errors with an early binding strategy. I suggest 'full binding' > instead. > > On May 12, 2009 7:27 AM, "Eran Hammer-Lahav" <[email protected]> wrote: > > > That is an implementation detail. I am not sure how helpful it would be to > have a security consideration section about limiting the number of allowed > token exchange requests for a single request token. > > EHL > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On... > >> Of Hubert Le Van Gong > Sent: Tuesday, May 12, 2009 3:26 AM > To: >> [email protected] > Subject... > >> If I remember correctly, we also talked of recommending or mandating > >> one-time request tokens. > ... > > > > -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
