On Tue, 21 Feb 2012, Michael Richardson wrote: > > >>>>> "Barry" == Barry Leiba <barryleiba@xxxxxxxxxxxx> writes: > Barry> OAuth is an authorization framework, not an authentication > Barry> one. Please be careful to make the distinction. > > Barry> What we're looking at here is the need for an HTTP > Barry> authentication system that (for example) doesn't send > Barry> reusable credentials, is less susceptible to spoofing > Barry> attacks, and so on. > > and is implemented in HTTP, not in terms of HTML forms, yet has all the > flexibility of the HTML form method? And includes the ability for the user to logoff / the server reset the login? _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf