YES!!! (I wish I could have made this point myself as clear as George
did.)
In fact, I think this ought to be a fundamental requirement for OAuth
applicability within several domains, health services in particular.
Igor
George Fletcher wrote:
... The point of signatures is not to enable authorization but to
ensure that release of data only happens within the context that was
authorized by the user.
...
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
