@Justin, there's a separate client key and secret profile for making requests not within the context of a given user.
@Brain, I'm not focused on using this profile for DRM. Rather for trusted devices (ideally with TPM) which do not open web browsers (such as the XBox). --David On Tue, Mar 9, 2010 at 9:24 AM, Brian Eaton <bea...@google.com> wrote: > On Mon, Mar 8, 2010 at 10:33 PM, David Recordon <record...@gmail.com> wrote: >> Yes. I was agreeing with your point and suggesting that the profile >> have the client secret added to the request. :) > > Just so we're clear on use cases... is the primary use case here DRM, > verifying software on client machines? > > Or do folks want to use this for server-to-server calls? > > I am not an expert on DRM, but if we're going to try to do DRM in WRAP > I think we should > a) learn from prior experience > and > b) get experts involved to write that section of the spec > and > c) call it out as a separate use case and profile, so that people > don't get confused and misuse the spec in dangerous ways. > > Cheers, > Brian > > -- > You received this message because you are subscribed to the Google Groups > "OAuth WRAP WG" group. > To post to this group, send email to oauth-wrap...@googlegroups.com. > To unsubscribe from this group, send email to > oauth-wrap-wg+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/oauth-wrap-wg?hl=en. > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth