On Mar 2, 2009, at 6:32 PM, Manger, James H wrote:

> I would be incredibly happy if OAuth talked about Applications,
> instead of Consumers (a term many have found strange).

The problem is that the term 'consumer' is quite accurate and descriptive when you imagine that a software application, in the role of a consumer, is consuming the output of the "service provider". An 'application' is certainly an OAuth system entity, but the application might play multiple roles, one of which is as a consumer.

- johnk

> Given that oauth_consumer_key is baked into the protocol, this might
> be a lost cause.
>
> Perhaps improving the nomenclature is more important.
> The spec could add a note that for historical reasons the label
> "oauth_consumer_key" is used. Or change the label in a new version
> with a note to also accept the old label when backward compatibility
> is required.
>
> James Manger
> [email protected]
> Identity and security team — Chief Technology Office — Telstra
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Brian Eaton
> Sent: Tuesday, 3 March 2009 12:38 PM
> To: [email protected]
> Subject: [oauth] Re: OAuth FAIL
>
> Ah, I totally forgot about the whole "consumer key" nomenclature.
>
> It would make me incredibly happy if OAuth talked about "consumer
> name" and "consumer secret", because crypto geeks and others tend to
> think that "keys" are secrets. The OAuth consumer key is not secret,
> thus leading to confusion.
>
> Given that oauth_consumer_key is baked into the protocol, this might
> be a lost cause.
>
> On Mon, Mar 2, 2009 at 5:28 PM, Manger, James H
> <[email protected]> wrote:
>> OAuth’s use of “Consumer Developer” versus “Consumer” can be
>> confusing.
>>
>> It can sound like the OAuth spec is trying to distinguish: the
>> software developer who wrote a web app; from a web site where the
>> web app is deployed. A software developer can write lots of web
>> apps. A web app can be installed on lots of independent web sites.
>> I don’t think this is the intention. The desired difference is
>> between a human (“Application Owner”) who can complete a
>> registration process, and a computer program (“Application”) that
>> is configured with keys and secrets.
>>
>> It might be clearer to avoid the “Consumer Developer” term –
>> perhaps saying that a Key and Secret must be obtained for a
>> Consumer from the Service Provider.
