On 2011-10-20 01:38, Mike Jones wrote:
...
·Removed the #auth-param option from Authorization header syntax
(leaving only the b64token syntax).
...
I recommend that adding a rational, such as:
"The b64token syntax was chosen over an extensible parameter syntax (see
[HTTPbisP7], Section 2.3.1) due to compatibility concerns with early
implementations. If in the future, additional fields will be needed, a
new authentication scheme will have to be defined".
(I think this captures what lead to the choice, and helps other readers
understand why the spec isn't following the recommendations in the HTTP
Authentication spec).
Best regards, Julian
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
