What is OAuth? The group appears to be private, so is not accessible. david
On 7/27/07, John Panzer <[EMAIL PROTECTED]> wrote: > > You should probably check out OAuth: > http://groups.google.com/group/oauth, and its draft > spec<http://openauth.googlegroups.com/web/OAuth%201.0%20-%20Draft.rtf?gda=s1UWzkYAAAAySf4xbkOgHBZma37zlp9GzEEF__EUK3CcB8RrKx_-nmG1qiJ7UbTIup-M2XPURDT_25fdK7wDxUtwqL26wW_WahD8rT1PnKl_iYB0spTcFQ>. > > > Eran Hammer-Lahav wrote: > > I am not sure if this belongs in the spec list, but I'll give it a try. > > > > I would like to suggest adding some text to section 11.1 (or anywhere else > that's appropriate) that will provide guidelines for using OpenID in a > scenario where the OpenID RP is not the site the user is actually using. The > OpenID specification is written with some bias towards implementation in a > website environment which is the most common use. My aim is to use OpenID as > the authentication method for establishing API sessions. I am building a web > service where the client (any user of the API) requests to create a session > token which can then be used to bypass authentication for a certain period > of time (nothing new here). > > <snip> <snip> > > >
_______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs