[security-dev] Discussion on OAuth and Enterprise Federation