Withdrawn. I just don't care enough to waste any more time on this. I'll wait for the revised text assigned at the meeting and will integrate at the direction of the chairs.
EHL On Apr 1, 2011, at 2:14, "Eran Hammer-Lahav" <[email protected]<mailto:[email protected]>> wrote: There was (still is) a long heated debate at the WG meeting today about client authentication and the dropped client assertion credentials section. I want to repeat my past view (and this time post it as an open issue), that this entire section makes no sense in this document. OAuth should not be defining hackish HTTP authentication schemes, especially ones not using the RFC2617 framework. Someone can easily register the client_password parameter as an extension (it’s a nasty hack but I won’t stand in its way), as well as any other poorly design client authentication scheme using form-encoded parameters to authentication an HTTP request… So – I want to see section 3 turned into a brief discussion about client authentication which gives HTTP Basic auth as an example and nothing else. Client authentication is already 95% out of scope. EHL _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
