Ah, I totally forgot about the whole "consumer key" nomenclature.
It would make me incredibly happy if OAuth talked about "consumer name" and "consumer secret", because crypto geeks and others tend to think that "keys" are secrets. The OAuth consumer key is not secret, thus leading to confusion. Given that oauth_consumer_key is baked into the protocol, this might be a lost cause. On Mon, Mar 2, 2009 at 5:28 PM, Manger, James H <james.h.man...@team.telstra.com> wrote: > OAuth’s use of “Consumer Developer” versus “Consumer” can be confusing. > > > > It can sound like the OAuth spec is trying to distinguish: the software > developer who wrote a web app; from a web site where the web app is > deployed. A software developer can write lots of web apps. A web app can be > installed on lots of independent web sites. I don’t think this is the > intention. The desired difference is between a human (“Application Owner”) > who can complete a registration process, and a computer program > (“Application”) that is configured with keys and secrets. > > > > It might be clearer to avoid the “Consumer Developer” term – perhaps saying > that a Key and Secret must be obtained for a Consumer from the Service > Provider. > > > > James Manger > james.h.man...@team.telstra.com > Identity and security team — Chief Technology Office — Telstra > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
