Is this really a MUST? EHL
On 4/13/10 7:23 AM, "[email protected]" <[email protected]> wrote: All, I think the draft should explicitly state that the Authorization server MUST use Cache-Control: no-store on all responses that contain tokens or other sensitive information, since this is critical to the security properties of the protocol Regards, Jeroen _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
