Since you mention the delegated UI sections, it bears noting that passing OAuth parameters to request URLs (whether by header, body, or embedded in the URL) does not make sense for web page URLs meant to be displayed in a web browser; e.g., picker URLs. OAuth 1.0 is not about authenticating a user in a browser talking to a server, but about authorizing servers talking between themselves.
Regards, Jim des Rivieres From: Steve K Speicher <[email protected]> To: [email protected] Date: 01/06/2011 02:44 PM Subject: [oslc-core] OAuth and delegated UIs Sent by: [email protected] It would be desirable if OSLC Core spec were to recommend (SHOULD) that service providers be prepared to handle OAuth parameters embedded in the request URI [1] If a provider of the delegated UIs didn't support this, it could just ignore it. This would provide some improvements to usability where setting up single solutions may not be available. I propose that we add this to the delegated UI sections (or maybe just the OAuth section)? [1] - http://tools.ietf.org/html/rfc5849#section-3.5.3 Thanks, Steve Speicher | IBM Rational Software | (919) 254-0645 _______________________________________________ Oslc-Core mailing list [email protected] http://open-services.net/mailman/listinfo/oslc-core_open-services.net
