OAuth enables consumers to access providers' resources, but providers can't access consumers' resources reversely.
We can think of scenario that a provider requests consumer's resources even though it is not mentioned in the spec. That enables reciprocal access. Do you think extending the spect for the scenario is reasonable and secure? Regards, --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
