I changed my mind on this one. A. The fact that scopes are not standardized in OAuth today does not mean that in the future *some* scopes (e.g., related to portable contacts) may be standardized.
B. The consumer key is an intrinsic identifier of the party requesting association and probably should be included, with the realm, in the association request (if available). There is no need, however, to include any additional information in the authentication request. The consumer key can be bound to the association handle. On Thu, Nov 13, 2008 at 6:43 PM, Allen Tom <[EMAIL PROTECTED]> wrote: > In the future, we might update our OAuth service to allow developers to pass > us the scope dynamically, rather than binding the scope to the CK. However, > we'd still probably require developers to agree to a TOS in order to get a > CK/CS. > > I'm concerned about having to tell developers to pass the CK via the scope > parameter for the first revision, and then later telling them that scope > parameter actually means the scope. I'd like to have one parameter (possibly > optional) that means CK, and another parameter (also optional) that means > Scope. Overloading a single parameter can get really messy in the long run. > > Allen > > > > > > > > Breno de Medeiros wrote: >> >> Ok, but what is wrong for you to instruct the developers to insert the >> consumer_key in the scope parameter, and they bind it to the approved >> request token? >> > > -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs