We implement the second option in our SSO protocol.
Am 15.07.2010 um 01:02 schrieb Brian Eaton <[email protected]>: > On Wed, Jul 14, 2010 at 2:59 PM, Torsten Lodderstedt > <[email protected]> wrote: >>> The second request (as you pointed out in your original mail) is >>> currently used to verify the client identity. Do you have a >>> suggestion for an alternate mechanism? >>> >> >> A digital signature over the authz request? Alternatively, the authz server >> could encrypt the authz response. > > Is anybody else implementing that model...? _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
