https://bz.apache.org/bugzilla/show_bug.cgi?id=64180
Mark Thomas <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement --- Comment #3 from Mark Thomas <[email protected]> --- The current behaviour is as expected / intended. I can see merit in changing the behaviour so empty string and null (not set) are equivalent for secret. We could also clarify that secretRequired indicates whether the secret attribute MUST be set, not whether the client must provide a secret and that (independent of secretRequired) the client MUST provide the correct secret if secret is non-null and non-zero length. Moving this to a proposed enhancement request for the changes described in this comment. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
