I'm reading the AC4 draft and I want to understand the problems it's actually
trying to solve, which isn't as clear as it could be in the prose. It looks
like it's extending OAuth to:
1) Allowing the client to specify a desired authentication level.
2) Giving the client an opaque identifier to differentiate users.
3) Telling the client what level of authentication was used.
Do I have this right?
Thanks,
-bill
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
