John Kemp wrote:
On Jan 15, 2010, at 5:57 PM, Igor Faynberg wrote:

Right, you were authenticated as an authorized bearer of the token, by matching information about the bearer in the token against additional information you provided separately. That's possible without channel security, of course.

Exactly, and I did not see in OAuth a way to enforce the token bearer authentication, which is one reason I was for channel security. The other reason is privacy. Even with movie tickets, some people might prefer that no one know what exactly they are buying. The channel security sort of takes care of the transaction privacy at the same time as doing other useful things. I think this will be a serious point in bringing SIP to use OAuth.

Igor
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
