I like (making the resonable assumption that there's an associated mechanism for revoking keys). Depending on how much you want to over-engineer it, could be nice if the authorization mechanism allowed for time-based expiration, as well, something like a key lifetime specified in 24 hour increments or "never expires."
- Whit On Sun, 11 Sep 2005, joshua schachter wrote: > i'd like to put together a spec for letting users authorize remote > application access without giving away their actual password. > [...] _______________________________________________ discuss mailing list discuss@del.icio.us http://lists.del.icio.us/cgi-bin/mailman/listinfo/discuss