+1
The predominant industry practice is the use of Bearer tokens, so if either of
Bearer or MAC becomes Mandatory to Implement, it must be the Bearer spec, with
MAC being optional.
I'm fine either remaining silent on this point (leaving the spec token type
agnostic, as Justin suggests), or making Bearer MTI, with MAC either being
optional or not mentioned at all.
-- Mike
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Justin Richer
Sent: Wednesday, November 02, 2011 1:28 PM
To: Phil Hunt
Cc: [email protected]
Subject: Re: [OAUTH-WG] AD review of -22
+1
Leave the current text as is, keep this part of OAuth token-type agnostic.
-- Justin
On Wed, 2011-11-02 at 13:18 -0700, Phil Hunt wrote:
> +1
>
>
> Phil
>
>
> @independentid
> www.independentid.com
> [email protected]
>
>
>
>
>
>
>
>
> On 2011-11-02, at 1:06 PM, John Bradley wrote:
>
> > +1
> > On 2011-11-02, at 4:45 PM, Torsten Lodderstedt wrote:
> >
> > > Hi Stephen,
> > >
> > > I'm concerned about your proposal (7) to make support for MAC a
> > > MUST for clients and BEARER a MAY only. In my opinion, this does
> > > not reflect the group's consensus. Beside this, the security
> > > threat analysis justifies usage of BEARER for nearly all use cases
> > > as long as HTTPS (incl. server authentication) can be utilized.
> > > regards,
> > > Torsten.
> > >
> > > Am 13.10.2011 19:13, schrieb Stephen Farrell:
> > > >
> > > > Hi all,
> > > >
> > > > Sorry for having been quite slow with this, but I had a bunch of
> > > > travel recently.
> > > >
> > > > Anyway, my AD comments on -22 are attached. I think that the
> > > > first list has the ones that need some change before we push
> > > > this out for IETF LC, there might or might not be something to
> > > > change as a result of the 2nd list of questions and the rest are
> > > > really nits can be handled either now or later.
> > > >
> > > > Thanks for all your work on this so far - its nearly there IMO
> > > > and we should be able to get the IETF LC started once these few
> > > > things are dealt with.
> > > >
> > > > Cheers,
> > > > S.
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > OAuth mailing list
> > > > [email protected]
> > > > https://www.ietf.org/mailman/listinfo/oauth
> > > _______________________________________________
> > > OAuth mailing list
> > > [email protected]
> > > https://www.ietf.org/mailman/listinfo/oauth
> >
> >
> > _______________________________________________
> > OAuth mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/oauth
>
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
