On Wed, Jul 14, 2010 at 11:02 PM, Torsten Lodderstedt <tors...@lodderstedt.net> wrote: > why that? If there will be a signature proposal for resource server access, > the same (simplified?) model could be applied to the authz server's API.
Sure. Other folks have used signed URLs in this kind of protocol as well: http://developer.yahoo.com/bbauth/user.html. Why not write up your proposal as an alternate flow (right next to "user-agent" and "web-server") and see whether other people will implement it? _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
