Peter Saint-Andre wrote:
never necessary to include the authzid? I suppose the latter approach is
simpler...
Sure. But that was changed in version 0.0.3 and I don't think we can
"fix" that now nor is there a compelling reason.
No, there is no compelling need -- such flexibility might be desirable
someday, but we don't design for someday.
We can still be liberal in what we accept and deal with empty
authorization ids today.
I have no objections to adding a fallback to the stream's in s2s step 11
if the authorization id is empty. IIRC some servers already do that.
What is the nature of the fallback?
I think it gets obvious if you add a 'from' after "stream's" :-/
The stream's 'from' attribute is used instead of the (empty)
authorization id. Dave?
