On Wed, Jul 14, 2010 at 2:59 PM, Torsten Lodderstedt <[email protected]> wrote: >> The second request (as you pointed out in your original mail) is >> currently used to verify the client identity. Do you have a >> suggestion for an alternate mechanism? >> > > A digital signature over the authz request? Alternatively, the authz server > could encrypt the authz response.
Is anybody else implementing that model...? _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
