Is that an objection to including a username parameter in the spec? EHL
> -----Original Message----- > From: Brian Eaton [mailto:[email protected]] > Sent: Tuesday, April 20, 2010 11:04 AM > To: Eran Hammer-Lahav > Cc: [email protected]; OAuth WG > Subject: Re: [OAUTH-WG] Issue: 'username' parameter proposal > > On Tue, Apr 20, 2010 at 10:23 AM, Eran Hammer-Lahav > <[email protected]> wrote: > > I'm not aware of anyone arguing against this feature. The only issue > > is a full security review before we add it to the spec. If one of the > > security experts here can spend a few minutes to review this, we can > > move forward and add it to the draft. > > I'd like to see some solutions mature in the wild. Once we figure out best > practices in the real world, it'll be a lot easier to put good policy on > paper. > > I just don't think we have a solid answer, and I don't want something ending > up in the spec that we will regret later. > > Cheers, > Brian _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
