Yes, but it is still using the same way to prove it holds the private key or shared secret. The OAuth authentication method allows for two separate sets of credentials, one for the client and another for the resource owner (on its behalf). If you drop the resource owner set, you are left with a model similar to basic/digest where the shared secret is processed in some way and attached to the request.
EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Richard Barnes > Sent: Monday, July 06, 2009 11:36 AM > To: [email protected] > Subject: [oauth] Re: Is there a spec for 2-legged OAuth? > > > Eran, > > Would it be accurate to say that the 2-legged scenario is just the use > of the OAuth scheme for signing HTTP requests as an authentication > mechanism, as with Basic or Digest, but with a different way of > proving that the Consumer holds the private key? > > --Richard > > > > On Mon, Jul 6, 2009 at 2:23 PM, Eran Hammer-Lahav<[email protected]> > wrote: > > It is really just using the authentication method without an > oauth_token. When we clean up the authentication part and address the > requirement of coming up with a new authentication method for HTTP, > this will be made clear. > > > > EHL > > > >> -----Original Message----- > >> From: [email protected] [mailto:[email protected]] On > Behalf > >> Of Peter Saint-Andre > >> Sent: Monday, July 06, 2009 9:36 AM > >> To: [email protected] > >> Subject: [oauth] Re: Is there a spec for 2-legged OAuth? > >> > >> > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> On 7/3/09 11:29 AM, Andrew Arnott wrote: > >> > It seems like 2-legged OAuth is this informal thing that everyone > >> knows > >> > about yet I can't find any concrete documentation on. Is it > because > >> > when it exists, it's a proprietary solution between a consumer and > >> SP? > >> > Is there a spec anywhere? > >> > >> I'm hoping that Eran will talk about this in the Internet-Draft he > >> plans > >> to submit about the delegation workflows. > >> > >> Peter > >> > >> - -- > >> Peter Saint-Andre > >> https://stpeter.im/ > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: GnuPG v1.4.8 (Darwin) > >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > >> > >> iEYEARECAAYFAkpSJ9YACgkQNL8k5A2w/vwdGgCg/PveXiY7A+UmX9Y6fRPfAp33 > >> RcwAoLJYWQlLvKTFQEV/CZNzWaBtD8Qh > >> =CcHo > >> -----END PGP SIGNATURE----- > >> > >> > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
