There were a couple of documents that described standard access tokens. SWT (Simple Web Token was one of those)
The WRAP and OAuth work specifically were token agnostic. -- Dick On 2010-08-31, at 11:54 PM, Jørn Wildt wrote: > Thanks! So OAuth is only concerned with the actual exchange of the > authorization token and access token - not what's in them. Further: > it's up to the OAuth vendor to decide how it should handle those > tokens internally. > > For instance: When an end user grants access to something, then this > is registered internally in the application, and when a resource > webservice receives the access token, it looks it up in the internal > register to see what it is valid for? The specs say nothing about what > the webservice should do with that token. Right? > > /Jørn > > On Sep 1, 7:58 am, John Kristian <[email protected]> wrote: >> It's vendor specific. > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
