On Thu, Jun 16, 2011 at 12:56 PM, Torsten Lodderstedt < [email protected]> wrote:
> ** > Certainly not. Are we discussing to make client authentication required > just for syntactical purposes? > That is what I'd like to see. >From my perspective, no harm is done by making client authentication a syntactical requirement of the protocol. - clients that can't keep secrets aren't harmed; they have the exact same security they do today. - everyone else benefits because the spec becomes simpler and more consistent.
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
