This is a simple list of issues we need to burn down in working on the protocol spec(s). See also the issues listed in the Scenarios and Use Cases document.
...
(See
...
- Consider what we should say about whether XRD-3 should be signed. (See 2009-11-19 discussion.)
- Make it clear that, just like in regular OAuth as deployed today, we assume that the same person (the person serving as the authorizing user) is "behind" both the host and the AM.
- Make it clear that, unlike in two-legged OAuth today, the requester somehow needs to present itself uniquely per requesting user.
- Consider whether to allow for querying the "protected status" of a resource. (See 2009-11-02 discussion.)
...
the spec itself for some embedded issues. No issues currently recorded here.)