On 4/14/11 3:56 PM, Eran Hammer-Lahav wrote: <snip/>
> In practice, this invents a new HTTP authentication scheme. Eran, during the WG meeting in Prague you said the same thing, and I tend to agree. Yes, client authentication is a good thing, but given that OAuth happens over HTTP I don't see why we can't just use existing HTTP authentication schemes. If BASIC and DIGEST aren't good enough, then someone needs to develop a new HTTP authentication scheme. However that's not a job for the OAuth WG as far as I can see... Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
