In the current draft spec section 1.2 on terminology the definition of resource owner is "An entity capable of granting access to a protected resource" and end user is "A human resource owner"
In section 4.1.2 "Resource owner Password credentials" it talks of supplying the resource owner's username and password. However the text below talks of the server validating the end-user credentials which is slightly confusing. I note that the initial draft (draft 1) defined resource owner as "an entity (generally an end-user)..." So, is the intention that resource owner and end-user are effectively synonymous? -- Please consider the environment before printing this email ********************************************************************* This e-mail and any attachments are confidential. If it is not for you, please inform us and delete it immediately without disclosing, copying, or distributing it. If the content is not about the business of the MGt Group or its clients, then it is neither from nor sanctioned by the MGt Group. Use of this or any other MGt Group e-mail facility signifies consent to interception by the MGt Group. The views expressed in this email or any attachments may not reflect the views and opinions of the MGt Group. This message has been scanned for viruses and dangerous content by MailScanner, but the MGt Group accepts no liability for any damage caused by the transmission of any viruses. MGt plc is a public limited company registered in Scotland (SC175703) with its registered office at Cluny Court, John Smith Business Park, Kirkcaldy, Fife, KY2 6QJ. ********************************************************************** -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
