Hi all I wonder whether the question of "signature in the main specification or in a separate document" does not really matter. It is purely a matter of document management style.
The important question is whether there will be a **mandatory to implement** or **mandatory to use** someone in the document set. Mandatory to use is typically hard to enforce unless there is only one approach possible. This does not seem to be the case. So, everything then boils down to the question: What is mandatory to implement? (in this specific case with regard to security) Ciao Hannes
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
