I think that SP should be able to access a resource of Consumer. For example, it has some merit for both that SP displays contents of Consumer on own page.
2legged OAuth: SP makes OAuth request with Consumer Key and Consumer Secret which provided to Consumer. Consumer makes Signature with own value and validate SP's request. 3legged OAuth: I think about how to obtain the user's Authorization. Is there any idea? Regards, Ryo. On 5ζ28ζ₯, εεΎ11:54, grayger <[email protected]> wrote: > OAuth enables consumers to access providers' resources, but providers > can't access consumers' resources reversely. > > We can think of scenario that a provider requests consumer's resources > even though it is not mentioned in the spec. > That enables reciprocal access. > Do you think extending the spect for the scenario is reasonable and > secure? > > Regards, --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
