Hi! I'm new to this group. I am very grateful for the possibility it
brings me to ask questions, so thanks in advance ;)
Reading the spec of OAuth there's something whose motivation I can't
understand. Why distinguish between a Request Token first, and an
Access Token next? I agree that from a theoretical, software
engineering point of view the process of obtaining a ticket to access
the protected resource is different from the process of getting the
resource itself. However, in practice this approach leads to
additional delays during which the Service Provider is in a temporal
state.
On the one hand, temporal states should be avoided as far as
possible in Web design. On the other hand, the User will notice that
the Consumer takes a significant time to retrieve the protected
resource (ok, this time will not be significant when accessing ONE
resource, but what if there are one thousand resources from the same
Service Provider? The additional time consequence from the distinction
between Request Token and Access Token is increased by 3 orders of
magnitude).
Don't get me wrong. I think that OAuth is a very interesting
technology and I can't wait to put my hands on it and develop my own
Web applications. I'm not criticizing OAuth. I'm asking these
questions sincerely because I really want to know why these decisions
have been taken.
Thank you for your patience. Greetings,
Jorgito