On Thu, Jun 2, 2011 at 5:08 PM, Peter Saint-Andre <[email protected]>wrote:
> I think the SHOULD we had originally is probably fine -- with the > understanding that "SHOULD" means "you really ought to do this unless > you have a good reason not to". I think one such really good reason > might be a authorization server that doesn't allow unauthenticated > clients (i.e., clients that are not pre-registered or don't have > certificates or whatever). Really? What are you thinking of as "limited duration" credentials for a desktop application?
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
