Allen Tom wrote: > Manger, James H wrote: >> Ideally, an app would attempt to access a protected resource at an SP and >> get: >> * A 401 Unauthenticated response from the SP; with >> * A “WWW-Authenticate: OAuth” header; with >> * A parameter providing the authorization URL; and >> * Another parameter with the OP URL (when OpenID/OAuth hybrid was supported). >> > > One problem with this approach is that many SPs like Yahoo and MySpace > will require developers to register their site to get a Consumer Key. > Given that the developer already has to manually get a CK, there might > not that much value in defining a workflow for Consumers to discover the > OAuth endpoints. >
As long as this is true it will be impossible for such SPs to expose non-proprietary protocols like PortableContacts, so either these SPs will need to find a way to work without pre-registration or we'll all have to accept that the open stack is impossible and go find something more productive to do. _______________________________________________ specs mailing list [email protected] http://openid.net/mailman/listinfo/specs
