Regarding the second comment I made below: I realized last night that Sections
3.7.1 and 3.7.2 get this more correct, by saying that an autonomous client
represents a "separate resource owner". So Section 2.2 definitely needs a
slight change, from:
"...and autonomous flows where the client is acting for itself (the client is
also the resource owner)."
to something like:
"...and autonomous flows where the client is acting on behalf of a different
resource owner."
Thanks,
Eve
On 21 Apr 2010, at 4:43 PM, Eve Maler wrote:
> Tacking this response to the end of the thread for lack of a better place to
> do it: The name "username" seems not quite apt in the case of an autonomous
> client that isn't representing an end-user. Would "identifier" be better?
> (Actually, it sort of reminds me of SAML's "SessionIndex"...) Or would the
> parameter be reserved for user-delegation flows?
>
> Speaking of autonomous clients, Section 2.2 -- among possibly other places --
> states that an autonomous client is also the resource owner, but that's not
> always the case, is it? The client might be seeking access on behalf of
> itself. (FWIW, I made roughly this same comment on David's first draft on
> March 21, and he agreed with my suggested fix at the time.)
>
> Eve
Eve Maler
[email protected]
http://www.xmlgrrl.com/blog
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
