On Mon, Mar 8, 2010 at 10:33 PM, David Recordon <[email protected]> wrote: > Yes. I was agreeing with your point and suggesting that the profile > have the client secret added to the request. :)
Just so we're clear on use cases... is the primary use case here DRM, verifying software on client machines? Or do folks want to use this for server-to-server calls? I am not an expert on DRM, but if we're going to try to do DRM in WRAP I think we should a) learn from prior experience and b) get experts involved to write that section of the spec and c) call it out as a separate use case and profile, so that people don't get confused and misuse the spec in dangerous ways. Cheers, Brian _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
