On 24/09/13 13:08, Antonio Sanso wrote:
Hi *,

apologies to be back to this argument :).

Let me try to better explain one use case that IMHO would be really good to 
have in the OAuth specification family :)

At the moment the only "OAuth standard" way I know to do OAuth server to server 
is to use [0] namely Resource Owner Password Credentials Grant.

Let me tell you I am not a big fan of this particular flow :) (but this is another 
story).

An arguably better way to solve this scenario is to use (and why not to 
standardise :S?) the method used by Google (or a variant of it), see [1].

2-way TLS and Resource Owner Password Credentials should be secure enough, right?

Cheers, Sergey

Couple of more things:

- I do not know if Google would be interested to put some effort to standardise 
it (is anybody from Google lurking :) e.g. Tim Bray :D )
- I am not too familiar with the IETF process. Would the OAuth WG take into 
consideration such a proposal draft??

Thanks and regards

Antonio

[0] http://tools.ietf.org/html/rfc6749#section-4.3
[1] https://developers.google.com/accounts/docs/OAuth2ServiceAccount
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

