I don't think application is a good term for the "role" but it certainly should be used in the explanation.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Manger, James H > Sent: Monday, March 02, 2009 6:32 PM > To: [email protected] > Subject: [oauth] Re: OAuth FAIL > > I would be incredibly happy if OAuth talked about Applications, instead > of Consumers (a term many have found strange). Given that > oauth_consumer_key is baked into the protocol, this might be a lost > cause. > > Perhaps improving the nomenclature is more important. > The spec could add a note that for historical reasons the label > "oauth_consumer_key" is used. Or change the label in a new version with > a note to also accept the old label when backward compatibility is > required. > > > James Manger > [email protected] > Identity and security team — Chief Technology Office — Telstra > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Brian Eaton > Sent: Tuesday, 3 March 2009 12:38 PM > To: [email protected] > Subject: [oauth] Re: OAuth FAIL > > > Ah, I totally forgot about the whole "consumer key" nomenclature. > > It would make me incredibly happy if OAuth talked about "consumer > name" and "consumer secret", because crypto geeks and others tend to > think that "keys" are secrets. The OAuth consumer key is not secret, > thus leading to confusion. > > Given that oauth_consumer_key is baked into the protocol, this might > be a lost cause. > > On Mon, Mar 2, 2009 at 5:28 PM, Manger, James H > <[email protected]> wrote: > > OAuth’s use of “Consumer Developer” versus “Consumer” can be > confusing. > > > > > > > > It can sound like the OAuth spec is trying to distinguish: the > software > > developer who wrote a web app; from a web site where the web app is > > deployed. A software developer can write lots of web apps. A web app > can be > > installed on lots of independent web sites. I don’t think this is the > > intention. The desired difference is between a human (“Application > Owner”) > > who can complete a registration process, and a computer program > > (“Application”) that is configured with keys and secrets. > > > > > > > > It might be clearer to avoid the “Consumer Developer” term – perhaps > saying > > that a Key and Secret must be obtained for a Consumer from the > Service > > Provider. > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
