Re: [OAUTH-WG] [WRAP] Username and Password Profile

Tue, 09 Mar 2010 10:01:40 -0800 

Yep - mistake on my part. I the discussion was around section 5.1 and 5.2 on 
OAuth WRAP v0.9.7.2.

-----Original Message-----
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of David 
Recordon
Sent: Tuesday, March 09, 2010 9:46 AM
To: oauth-wrap...@googlegroups.com; oauth@ietf.org
Subject: Re: [OAUTH-WG] [WRAP] Username and Password Profile

@Justin, there's a separate client key and secret profile for making
requests not within the context of a given user.

@Brain, I'm not focused on using this profile for DRM.  Rather for
trusted devices (ideally with TPM) which do not open web browsers
(such as the XBox).

--David

On Tue, Mar 9, 2010 at 9:24 AM, Brian Eaton <bea...@google.com> wrote:
> On Mon, Mar 8, 2010 at 10:33 PM, David Recordon <record...@gmail.com> wrote:
>> Yes.  I was agreeing with your point and suggesting that the profile
>> have the client secret added to the request. :)
>
> Just so we're clear on use cases...  is the primary use case here DRM,
> verifying software on client machines?
>
> Or do folks want to use this for server-to-server calls?
>
> I am not an expert on DRM, but if we're going to try to do DRM in WRAP
> I think we should
> a) learn from prior experience
>   and
> b) get experts involved to write that section of the spec
>   and
> c) call it out as a separate use case and profile, so that people
> don't get confused and misuse the spec in dangerous ways.
>
> Cheers,
> Brian
>
> --
> You received this message because you are subscribed to the Google Groups 
> "OAuth WRAP WG" group.
> To post to this group, send email to oauth-wrap...@googlegroups.com.
> To unsubscribe from this group, send email to 
> oauth-wrap-wg+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/oauth-wrap-wg?hl=en.
>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to