Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-06.txt

Fri, 15 Feb 2013 18:03:45 -0800 

Justin,

Section 5.1 of RFC6749 "OAuth 2.0 Authorization Framework" states:

        "The authorization server MUST include the HTTP "Cache-Control"
         response header field [RFC2616] with a value of "no-store" in any
        response containing tokens, credentials, or other sensitive
        information, as well as the "Pragma" response header field [RFC2616]
        with a value of "no-cache"."

I've noticed several of the response examples in the current and previous 
versions of "draft-ietf-oauth-dyn-reg-xx.txt" fail to include the required 
"Pragma: "no-cache" directive.  I assume this is an oversight and am merely 
pointing out that it needs to be included.

Best regards,
Don
Donald F. Coffin
Founder/CTO

REMI Networks
22751 El Prado Suite 6216
Rancho Santa Margarita, CA  92688-3836

Phone:      (949) 636-8571
Email:       [email protected]


-----Original Message-----
From: [email protected] [mailto:[email protected]] 
Sent: Friday, February 15, 2013 1:54 PM
To: [email protected]
Cc: [email protected]
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-dyn-reg-06.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Web Authorization Protocol Working Group of 
the IETF.

        Title           : OAuth Dynamic Client Registration Protocol
        Author(s)       : Justin Richer
                          John Bradley
                          Michael B. Jones
                          Maciej Machulak
        Filename        : draft-ietf-oauth-dyn-reg-06.txt
        Pages           : 21
        Date            : 2013-02-15

Abstract:
   This specification defines an endpoint and protocol for dynamic
   registration of OAuth Clients at an Authorization Server.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-06

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dyn-reg-06


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to