+1 on "like a password", or something similar-and-meaningful because that's exactly how it's being used here. Pre-shared key, shared secret, etc, would be fine. Keep in mind that authentication *will be done* using the bearer token, and the bearer token alone.
An OAuth token is unlike capabilities in that capabilities tend to be bound to addressable data – in most OAuth deployments, the data addressing is separate from the token. b. On 13 July 2010 19:46, Richer, Justin P. <[email protected]> wrote: >>> I would be very unhappy if we equated access tokens with passwords. >>> >>> I agree with Dirk that "capability" is a more expressive phrase than either >>> "shared secret" or "password". > >> Expressive to you and people well-versed in security theory. It means >> nothing to a casual reader. The token definition includes the term, but in >> this section, it is referring to how an access token is used, and it is used >> just like a password. > > Definitely agree with Eran here. The term "capability" doesn't mean much to > me in this circumstance, but "like a password" tells me exactly what I, as an > implementer, can expect. > > -- Justin > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
