On Mar 2, 2009, at 5:37 PM, Brian Eaton wrote: > > Ah, I totally forgot about the whole "consumer key" nomenclature. > > It would make me incredibly happy if OAuth talked about "consumer > name"
Exactly, the "consumer key" is an _identifier_ (a name) for the consuming application. - johnk > and "consumer secret", because crypto geeks and others tend to > think that "keys" are secrets. The OAuth consumer key is not secret, > thus leading to confusion. > > Given that oauth_consumer_key is baked into the protocol, this might > be a lost cause. > > On Mon, Mar 2, 2009 at 5:28 PM, Manger, James H > <[email protected]> wrote: >> OAuth’s use of “Consumer Developer” versus “Consumer” can be >> confusing. >> >> >> >> It can sound like the OAuth spec is trying to distinguish: the >> software >> developer who wrote a web app; from a web site where the web app is >> deployed. A software developer can write lots of web apps. A web >> app can be >> installed on lots of independent web sites. I don’t think this is the >> intention. The desired difference is between a human (“Application >> Owner”) >> who can complete a registration process, and a computer program >> (“Application”) that is configured with keys and secrets. >> >> >> >> It might be clearer to avoid the “Consumer Developer” term – >> perhaps saying >> that a Key and Secret must be obtained for a Consumer from the >> Service >> Provider. >> >> >> >> James Manger >> [email protected] >> Identity and security team — Chief Technology Office — Telstra >> >> >> >>> >> > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
