On Tue, Apr 20, 2010 at 10:23 AM, Eran Hammer-Lahav <[email protected]> wrote: > I’m not aware of anyone arguing against this feature. The only issue is a > full security review before we add it to the spec. If one of the security > experts here can spend a few minutes to review this, we can move forward and > add it to the draft.
I'd like to see some solutions mature in the wild. Once we figure out best practices in the real world, it'll be a lot easier to put good policy on paper. I just don't think we have a solid answer, and I don't want something ending up in the spec that we will regret later. Cheers, Brian _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
