Yep - mistake on my part. I the discussion was around section 5.1 and 5.2 on OAuth WRAP v0.9.7.2.
-----Original Message----- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of David Recordon Sent: Tuesday, March 09, 2010 9:46 AM To: oauth-wrap...@googlegroups.com; oauth@ietf.org Subject: Re: [OAUTH-WG] [WRAP] Username and Password Profile @Justin, there's a separate client key and secret profile for making requests not within the context of a given user. @Brain, I'm not focused on using this profile for DRM. Rather for trusted devices (ideally with TPM) which do not open web browsers (such as the XBox). --David On Tue, Mar 9, 2010 at 9:24 AM, Brian Eaton <bea...@google.com> wrote: > On Mon, Mar 8, 2010 at 10:33 PM, David Recordon <record...@gmail.com> wrote: >> Yes. I was agreeing with your point and suggesting that the profile >> have the client secret added to the request. :) > > Just so we're clear on use cases... is the primary use case here DRM, > verifying software on client machines? > > Or do folks want to use this for server-to-server calls? > > I am not an expert on DRM, but if we're going to try to do DRM in WRAP > I think we should > a) learn from prior experience > and > b) get experts involved to write that section of the spec > and > c) call it out as a separate use case and profile, so that people > don't get confused and misuse the spec in dangerous ways. > > Cheers, > Brian > > -- > You received this message because you are subscribed to the Google Groups > "OAuth WRAP WG" group. > To post to this group, send email to oauth-wrap...@googlegroups.com. > To unsubscribe from this group, send email to > oauth-wrap-wg+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/oauth-wrap-wg?hl=en. > > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth