Eran Hammer-Lahav wrote:
Question: Is the ability for a single token-protected resource to support more than one token type (say Plain+SSL *and* HMAC-256) part of our requirements? If not, there is no reason at all for the challenge to include anything other than #1 or #2 (probably defined as a future extension).
A good question! I never thought about that before. I tend to think that it is better to be forward-looking and support more than one token type.
Igor _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
