Maybe, but that's something we actually have wide consensus that is not needed. The current draft replaces signatures for obtaining an access token using other means.
EHL From: Lukas Rosenstock [mailto:[email protected]] Sent: Monday, September 27, 2010 2:43 PM To: Eran Hammer-Lahav Cc: [email protected] Subject: Re: [OAUTH-WG] Document Management Issue (Signatures) 2010/9/27 Eran Hammer-Lahav <[email protected]<mailto:[email protected]>> I would also be happy with the core only dealing with *getting* a token, and moving all text about *using* a token to other documents. This will produce three parts: 1. Getting a document 2. Using bearer tokens 3. Using cryptographic tokens Won't there be any scenarios in which signatures are required for getting a token, like in OAuth 1 (the request is signed with the client id/secret)?
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
