On Tue, Jun 8, 2010 at 7:17 AM, George Fletcher <gffle...@aol.com> > 2. Use OpenID and force Person B to "sign in" to photos.example.com > (effectively establishing a relationship with photos.example.com that they > might not want) > > 3. Have photos.example.com be able to accept a token from person B's > authorization service saying this is person B when accessing the protected > resource.
These two options seem equivalent to me. They certainly bring up the same user experience challenges. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
