> but actually we should be making decisions at higher > levels where the permission correspond to things the user understands > (e.g. "my account at Google" or "my Flickr photos" or "this album in > Picasa").
Salesforce.com oauth client for Android is a good example of this http://wiki.developerforce.com/index.php/Building_Android_Applications_with_the_Force.com_REST_API Its a gap in all Mobile OS as far as I can tell, which makes it doubly nice that Salesforce open sourced their work -gunnar _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________