On 2010-04-07, at 4:26 PM, Eran Hammer-Lahav wrote: > Latest is always at: > > http://github.com/theRazorBlade/draft-ietf-oauth > > (xml is always up to date. txt and html when I can. Atom feed available) > > --- > > I finished going over sections 1-4 which includes the overview, flows, and > refresh method. Next is using tokens. By finished I mean those sections are > ready to be submitted as a working group draft -00. > > Unfortunately I am unable (or unwilling) to go back and review comments made > to sections I previously ignored. Please review sections 1-4 again and > submit any changes needed for a -00 draft. This means focus on critical > changes that should be made before the document is considered a starting > point for the working group. > > Open issues: > > * token size limit > * restriction on values characters > * specificity of the assertion flow > * parameter name prefix > * single authorization endpoint > * inclusion of both user-agent flow and native application flow > * requiring HTTPS for bearer token protected resource requests > * username parameter proposal > * scope parameter > * adding refresh token as optional in all access token requests > * limiting signed requests to use the auth header (no query / form body)
Are these issues where you expect to have a consensus vote and you are only looking for other issues, or are you looking for feedback on these as separate emails as well? -- Dick _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
