Both of you are right. Technically there's no irrefutable way to prevent leaking tokens in desktop apps, so forcing pre-registration is simply a way to get developers to agree not to casually release what qualifies as "confidential information". If you do leak said information (i.e. By embedding it in your desktop app) you agree to hold harmless the SP that provided you the token if/when they shut off your key.
The two solutions are complements. Whether the legal solution fully recognizes the limitations of technical solution is another story. Chris On 3/25/09, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > > That's simply not true. When you manually register an application you agree > to legal terms with how you may or may not use the user's data you are > accessing and other legal requirements. Without this agreement, users could > sue the service provider for bad acts by the application. > > EHL > >> -----Original Message----- >> From: oauth@googlegroups.com [mailto:oa...@googlegroups.com] On Behalf >> Of Martin Atkins >> Sent: Wednesday, March 25, 2009 12:28 PM >> To: oauth@googlegroups.com >> Subject: [oauth] Re: Security through obscurity? >> >> >> Eran Hammer-Lahav wrote: >> > But it does make the lawyers happy. >> > >> >> Maybe the lawyers ought to listen to the technical folks telling them >> that requiring pre-registration of desktop apps achieves nothing >> whatsoever. >> >> It can't be healthy to have lawyers who believe they have an effective >> mechanism that is in fact completely ineffective. >> >> >> >> > > > > -- Chris Messina Citizen-Participant & Open Web Advocate factoryjoe.com // diso-project.org // vidoop.com This email is: [ ] bloggable [X] ask first [ ] private --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
