I would be incredibly happy if OAuth talked about Applications, instead of Consumers (a term many have found strange). Given that oauth_consumer_key is baked into the protocol, this might be a lost cause.
Perhaps improving the nomenclature is more important. The spec could add a note that for historical reasons the label "oauth_consumer_key" is used. Or change the label in a new version with a note to also accept the old label when backward compatibility is required. James Manger [email protected] Identity and security team — Chief Technology Office — Telstra -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Brian Eaton Sent: Tuesday, 3 March 2009 12:38 PM To: [email protected] Subject: [oauth] Re: OAuth FAIL Ah, I totally forgot about the whole "consumer key" nomenclature. It would make me incredibly happy if OAuth talked about "consumer name" and "consumer secret", because crypto geeks and others tend to think that "keys" are secrets. The OAuth consumer key is not secret, thus leading to confusion. Given that oauth_consumer_key is baked into the protocol, this might be a lost cause. On Mon, Mar 2, 2009 at 5:28 PM, Manger, James H <[email protected]> wrote: > OAuth’s use of “Consumer Developer” versus “Consumer” can be confusing. > > > > It can sound like the OAuth spec is trying to distinguish: the software > developer who wrote a web app; from a web site where the web app is > deployed. A software developer can write lots of web apps. A web app can be > installed on lots of independent web sites. I don’t think this is the > intention. The desired difference is between a human (“Application Owner”) > who can complete a registration process, and a computer program > (“Application”) that is configured with keys and secrets. > > > > It might be clearer to avoid the “Consumer Developer” term – perhaps saying > that a Key and Secret must be obtained for a Consumer from the Service > Provider. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
