Jim, I don't think it follows that Service documents need to be unsecured. They could be secured with the usual Web authentication mechanisms, e.g. HTTPS+BASIC, or Digest. OAuth is really for the more complicated case of an application acting on behalf of a user.
Regards, ___________________________________________________________________________ Arthur Ryman, PhD, DE Chief Architect, Project and Portfolio Management IBM Software, Rational Markham, ON, Canada | Office: 905-413-3077, Cell: 416-939-5063 Twitter | Facebook | YouTube From: James Conallen <[email protected]> To: [email protected] Date: 08/26/2010 09:48 AM Subject: [oslc-core] Authentication details in service documents Sent by: [email protected] As I look at the service documents there are properties for establishing OAuth in the same document that lists contexts (service providers). I am assuming that documents possessing authentication establishment information are expected to be available without authentication. This means that context information will be available without authentication, which I don't think is right. What is everyone else's understanding? <jim/> jim conallen [email protected] Rational Software, IBM Software Group _______________________________________________ Oslc-Core mailing list [email protected] http://open-services.net/mailman/listinfo/oslc-core_open-services.net
