This is not an OAuth issue by how it is implemented. There is nothing to prevent servers from not requiring registration. It is part of the discovery spec.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Martin Atkins > Sent: Thursday, March 26, 2009 4:38 PM > To: [email protected] > Subject: [oauth] Re: Security through obscurity? > > > Eran Hammer-Lahav wrote: > > Comparison with OpenID at this stage is not that relevant because > while > > OAuth protects real data and resources, OpenID at most reveal some > silly > > information about you (SREG). So it is ok to let the use decide how > they > > share some minimal set of data about them, read only, and without > > updates. Not so much when you can access their electronic wallet... > > > > As a user I cannot grant access to my data to applications I trust if > the application vendor has not made a business deal with the company > that's hosting my data. > > I can't host my own data because OAuth is set up in such a way to > require every combination of (consumer, provider) to be pre-registered > out of band, and no application vendor is going to have pre-registered > with my one-off, self-hosted data service. > > So I'm stuck. I can't force the application vendor to agree to the > service provider's terms, and I can't provide my own service. What am I > supposed to do? > > The "electronic wallet" example is a distraction because OAuth as > deployed today is used for much less critical things like updating my > location in FireEagle, or retrieving the data from my address book on > GMail. > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
