On Tue, Jul 13, 2010 at 1:06 PM, Blaine Cook <[email protected]> wrote: > Don't leak it, and treat it as though it were a > password", then we avoid having to explain (embarrassingly) that the > "capability" actually meant something like "password".
For the initiated, that's what "capability" means. How about this language "Access tokens are bearer authentication tokens, such as passwords or capabilities." I'd encourage the use of the word "capability" because a lot of the use cases that OAuth 2 enables over OAuth 1 involve using the token like a capability, sharing it across multiple components to convey authorization. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
