Ordinarily, a consumer would get one access token and use it to access the thousand protected resources. OAuth would add very little to the resource response time.
On Jan 26, 3:37 am, Jorgito <[email protected]> wrote: > Reading the spec of OAuth there's something whose motivation I can't > understand. Why distinguishing between a Request Token first, and an > Access Token next? I agree that from a theoretical, software > engineering point of view the process of obtaining a ticket to access > the protected resource is different from the process of getting the > resource itself. However, in practice this approach leads to > additional delays during which the Service Provider is in a temporal > state. > > On the one hand, temporal states should be avoided as far as > possible in Web design. On the other hand, the User will notice that > the Consumer takes a significant time to retrieve the protected > resource (ok, this time will not be significant when accessing ONE > resource, but what if they are one thousand resources from the same > Service Provider? The additional time consequence from the distinction > between Request Token and Access token is increased 3 orders of > magnitude). --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
