Hey James,
Thanks for the feedback!
Your counter suggestion is what called usually "Counter-based OTP". It
might not be clear from the draft, but using a counter can result in
devices that are locked-out. As you mentioned, this can be solved by a more
lenient server - but this also weakens the prot
A new meeting session request has just been submitted by Rifaat Shekh-Yusef, a
Chair of the oauth working group.
-
Working Group Name: Web Authorization Protocol
Area Name: Security Area
Session Requester: Rifaat Shekh-Yusef
Number of S
