In the work I've been doing with Eve maler with ProtectServe, I've outlined a flow for registering a service provider to authorization manager, using OAuth core proper. In this case, the SP acts as an OAuth consumer, and AM acts as an OAuth service provider:
http://tinyurl.com/d9roa6 This flow assumes that the identity of the consumer is not particularly important; what is important is the user initiating the relationship and providing authorization. To this end, the consumer key and secret is openly published. I've seen an extension proposal by Dirk Balfanz, Brian Eaton and Breno de Medeiros for to support unregistered consumers: http://breno.demedeiros.googlepages.com/oauth-unregistered.html I'm unclear on why this extension proposal would have advantages over standard three-legged OAuth with a known consumer key and secret. What's also not clear from this proposal is the purpose of oauth_cb_token. Can anyone advise what advantages the unregistered consumer extension would have over known consumer key/secret? Have there been other extensions proposed to provide the same functionality? Paul --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
