Eran Hammer-Lahav wrote: > That's simply not true. When you manually register an application you agree > to legal terms with how you may or may not use the user's data you are > accessing and other legal requirements. Without this agreement, users could > sue the service provider for bad acts by the application. >
Indeed, but if for example I take the oauth consumer key and secret out of the Movable Type FireEagle plugin and use it in my service then I can use FireEagle without agreeing to the legal terms. You can find these here: http://code.sixapart.com/trac/mtplugins/browser/trunk/FireEagle/plugins/FireEagle/fireeagle.pl This means that in practice anyone can actually use FireEagle without agreeing to its terms by using those credentials, and therefore the consumer key and secret are providing no legal value whatsoever. It would seem to me to be far more effective to just assume that the client cannot be trusted at all and behave accordingly. Mozilla doesn't need to make a legal agreement with Google in order for Firefox to be able to load GMail. It's a complete fantasy that non-browser apps are somehow any more verifiable than browsers. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
