On Thu, Jun 2, 2011 at 4:24 PM, Thomas Hardjono <hardj...@mit.edu> wrote:
> Oh ok, now I get what "authenticating the client" means here. My bad. > Perhaps the term "authenticating" is not accurate. Maybe "integrity > verification" of client code is a better phrase. It *may* include integrity verification of the client binary, but in the use cases I'm envisioning it's more a verification of the identity of the application publisher, and that the publisher has a business relationship with the OAuth authorization provider, such as a developer registration. In some case that matters. Regards, Dave David B. Nelson Sr. Software Architect Elbrys Networks, Inc. www.elbrys.com +1.603.570.2636 _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth