----- Original Message ----
> From: Marius Scurtescu <mscurte...@google.com>
> To: Oleg Gryb <o...@gryb.info>
> Cc: oauth@ietf.org
> Sent: Tue, August 3, 2010 9:00:20 AM
> Subject: Re: [OAUTH-WG] Is User Agent Profile Secure in OAuth 2.0?
>
> On Mon, Aug 2, 2010 at 10:21 PM, Oleg Gryb <oleg_g...@yahoo.com> wrote:
> > Brian,
> >
> > I think, it's not so much about browsers written in Python, as about
> > automation (crawler) that somebody might want to use.
>
> The User-Agent profile cannot be used by crawlers, the end user needs
> to be present to approve.
Why? There are crawlers that can do approval/authentication by providing
credentials in a request, e.g. when you want to trade stocks at ameritrade.com,
you usually need to provide creds, but if you're too lazy to do that, you can
write a crawler that will do it for you. The examples are numerous and very
common for the user agents written in P/R languages. Regarding AOuth, I can
envision the following scenario: log to Facebook, select photos, request
Facebook to print those photos at printig.com
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
