On Tue, Jul 13, 2010 at 1:40 PM, Igor Faynberg <[email protected]> wrote: > In this case, the term "capability" MUST be defined up front. The word > "capability" seems to carry a much broader meaning than password...
It has a standard definition we can reference. From http://www.ietf.org/rfc/rfc2828.txt $ capability (I) A token, usually an unforgeable data value (sometimes called a "ticket") that gives the bearer or holder the right to access a system resource. Possession of the token is accepted by a system as proof that the holder has been authorized to access the resource named or indicated by the token. (See: access control list, credential, digital certificate.) (C) This concept can be implemented as a digital certificate. (See: attribute certificate.) _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
