And to build such a secret url, a WRAP token as a query param in the url would be sufficient.
On Thursday, January 14, 2010, Eve Maler <[email protected]> wrote: > What's generally done today (think Google Calendar, Flickr, etc.) is use > "private" URLs and mail them around. It doesn't really meet anyone's > standards for controlling access to anything valuable -- but it sure is > convenient. :-) > > Eve > > On 14 Jan 2010, at 11:53 AM, Igor Faynberg wrote: > >> John Kemp wrote: >>> ... >>> What delegated authorization protocol should be used to deal with those >>> "not so serious" use-cases then, if OAuth makes them too expensive? >>> >>> >> I expected this question and dreaded it. I don't have a good answer, and I >> don't think there is one. (In my defense, the airport security cannot find >> the way around the wait-wait-wait/shoes-off/belts-off/watches-off routine >> for "good" people--who are actually the majority.) >> >> One not-so-good answer, but--I think--a workable one is to consider an >> (enumerated type) parameter carrying a required security value, something >> that would have to come from the user initially, and then specify TLS or any >> other cryptographic delicacy based on such value. The only problem is that >> end users might happily settle for the highest security, anyway (unless they >> have to pay for it). >> >> Igor > > Eve Maler > [email protected] > http://www.xmlgrrl.com/blog > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > -- -- John Panzer / Google [email protected] / abstractioneer.org / @jpanzer _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
