David,

A use case that is similar to yours is described in http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases-02, section 3.8. OAuth 2.0 does not directly support this use case.

Zachary

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of David Fox
Sent: Thursday, March 08, 2012 2:36 PM
To: OAuth WG
Subject: [OAUTH-WG] Question about particular OAuth use case

Hello all,

I have a question about a possible use case of OAuth. The standard use case, which is outlined thoroughly in the spec, is a client asking a resource owner for access to their information from the resource server. But, what about the case where a client/resource owner wants to share a particular resource with another, and potentially unregistered, user?

An example illustrating what I mean: An application allows users to upload various templates of documents. And, by using an API, a user can send various types of media (e.g., tweets, FB pictures) to be inserted into said templates, thus creating new documents on the fly. Now, imagine a user in this application has various customers they wish to give access to a certain template. To achieve this, the user creates a token for each customer -- which could be locked down to a certain template, IP, domain, number of uses, etc. -- and delivers each token to the corresponding customer.

Has anything like this been mentioned before? And if so, what was the suggested "dance?" From what I know, I'd imagine using bearer tokens and locking them to some of the conditions listed above would be best, but I'd like a more professional opinion.

Thanks,
-David Fox

PS, after re-reading the spec, I found a typo:

Section 2.1: http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-2.1

    The authorization server MAY provider tools to manage such complex clients through a single administration interface.

I believe this should be:

    The authorization server MAY provide tools to manage such complex clients through a single administration interface.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
