Yes, I believe you're referring to the earlier discussion with Brian and myself. The term 'mixed-binding' isn't actually being used in the text we submitted but it was coined in the discussion. I agree though, 'full binding' is a more accurate depiction of a reliance on both early and late binding information.
Darren On Tue, May 12, 2009 at 3:01 PM, Breno de Medeiros <[email protected]> wrote: > > I am not sure this is in any document. I have seen it being discussed > as part of the security considerations. > > On Tue, May 12, 2009 at 11:48 AM, Eran Hammer-Lahav <[email protected]> > wrote: > > Can you point to the specific text you are talking about? > > > > > > > > EHL > > > > > > > > From: [email protected] [mailto:[email protected]] On Behalf > Of > > Breno > > Sent: Tuesday, May 12, 2009 8:21 AM > > To: [email protected] > > Subject: [oauth] Re: Request for new Security Considerations text > > > > > > > > One nit: I think the terminology 'mixed binding' conveys the opposite of > > what is intended. Mixed or mis-binding is an accurate description of > > possible errors with an early binding strategy. I suggest 'full binding' > > instead. > > > > On May 12, 2009 7:27 AM, "Eran Hammer-Lahav" <[email protected]> > wrote: > > > > > > That is an implementation detail. I am not sure how helpful it would be > to > > have a security consideration section about limiting the number of > allowed > > token exchange requests for a single request token. > > > > EHL > -----Original Message----- > From: [email protected] > > [mailto:[email protected]] On... > > > >> Of Hubert Le Van Gong > Sent: Tuesday, May 12, 2009 3:26 AM > To: > >> [email protected] > Subject... > > > >> If I remember correctly, we also talked of recommending or mandating > > >> one-time request tokens. > ... > > > > > > > > > > > -- > --Breno > > +1 (650) 214-1007 desk > +1 (408) 212-0135 (Grand Central) > MTV-41-3 : 383-A > PST (GMT-8) / PDT(GMT-7) > > > > -- darren bounds [email protected] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
