As written in the I-D, the use case does call for person-to-person sharing,
which OAuth in its current state doesn't really cover. If you do want to
achieve that outcome, User-Managed Access, built on top of OAuth, specializes
in it. You can find out more at
http://kantarainitiative.org/confluence/display/uma/Home . (We're holding a
Twitter #umachat this Wednesday 9-10am PT if you want to deep-dive on UMA one
tweet at a time.)
Eve
On 11 Mar 2012, at 7:10 PM, David Fox wrote:
> http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases-02#section-3.8
>
> In order to achieve the use case above, how would the client (a.k.a the
> resource owner in this case) specify which user to authorize?
>
> Would the correct approach be to make a request to the Authorization Server
> with the grant type set to "client_credentials" and set the scope to
> user=user_id (where user_id would be the identifier for the user Bob)?
>
> -David
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
