On Fri, Nov 6, 2009 at 2:01 PM, Eran Hammer-Lahav <eran at hueniverse.com> wrote: > It does mean we need to define two sets of authentication methods, one for shared-secret based (symmetric or asymmetric) and one for token-based. We will be able to reuse some of the flow between the two, but it sounds to me like one will need to support more options (RSA) than the other (just HMAC and Plain). > > Comments? +1.
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.