On Wed, Jul 23, 2008 at 4:05 PM, David Primmer <[EMAIL PROTECTED]> wrote: > There are ways to implement the OAuth SP that don't require the same > server that serves resources to be the one taking credentials or > delegation from the end user. The OAuth docs and the samples at > OAuth.net tend to lump these together but this is not the way I see it > happening at scale.
This was always a maddening OAuth restriction to me: that the producer and consumer of the token had to be the same entity. So it's good Shindig forges ahead here. > The OAuth SP code in shindig right now does not > have any of these UI components and if it ever does, they will > probably be very simple examples. This has been discussed (using a > SAML redirect in the middle of the OAuth flow) on the oauth google > group a few times. SAML? A SOAP based standard? The nerve! ;) Anyway, I'll check the mailing lists for more info though. Thanks! Hans
