I guess, in the ideal world, the app provider provide a group
signature for the app and each client establishes individual keys with
AS, but that is not the way current oauth is architected. Maybe the
next step after the current set of the new work items are finished.
=nat via iPhone
On 2012/06/0
Hey Adam...
There's been a bunch of work done adapting OAuth to enterprise use-cases.
Check out the oauth assertions draft and the saml and jwt bindings. In
addition, a number of deployments have established strong patterns for using
the more common flows in enterprise settings. I'd be h
Hi John,
"Most of OAuth is predicated on not sharing the users credential with the
client, because clients are not trusted."
This is exactly my point. I clearly understand the driving motivations for why
OAuth was designed the way that it was. I certainly would not want to give
website-A my
On Jun 9, 2012, at 1:20 PM, Melinda Shore wrote:
> On 6/9/12 12:56 AM, Dick Hardt wrote:
>> Mike emailed me the draft and asked if I would publish it.
>> I reviewed the draft and I thought it captured consensus.
>
> Chairs call consensus.
Agreed. I thought it captured the consensus that Hannes
On 6/9/12 12:56 AM, Dick Hardt wrote:
Mike emailed me the draft and asked if I would publish it.
I reviewed the draft and I thought it captured consensus.
Chairs call consensus.
I noted that Hannes had asked Eran to publish the edits a week ago
There have been numerous indications that Eran h
Mike emailed me the draft and asked if I would publish it.
I reviewed the draft and I thought it captured consensus.
I noted that Hannes had asked Eran to publish the edits a week ago
There have been numerous indications that Eran has lost interest in continuing
as editor. Eg. his decision to
