[oslc-core] OAuth and delegated UIs
Jim des Rivieres
Jim_des_Rivieres at ca.ibm.com
Thu Jan 6 16:14:11 EST 2011
Since you mention the delegated UI sections, it bears noting that passing
OAuth parameters to request URLs (whether by header, body, or embedded in
the URL) does not make sense for web page URLs meant to be displayed in a
web browser; e.g., picker URLs. OAuth 1.0 is not about authenticating a
user in a browser talking to a server, but about authorizing servers
talking between themselves.
Regards,
Jim des Rivieres
From:
Steve K Speicher <sspeiche at us.ibm.com>
To:
oslc-core at open-services.net
Date:
01/06/2011 02:44 PM
Subject:
[oslc-core] OAuth and delegated UIs
Sent by:
oslc-core-bounces at open-services.net
It would be desirable if OSLC Core spec were to recommend (SHOULD) that
service providers be prepared to handle OAuth parameters embedded in the
request URI [1]
If a provider of the delegated UIs didn't support this, it could just
ignore it. This would provide some improvements to usability where
setting up single solutions may not be available.
I propose that we add this to the delegated UI sections (or maybe just the
OAuth section)?
[1] - http://tools.ietf.org/html/rfc5849#section-3.5.3
Thanks,
Steve Speicher | IBM Rational Software | (919) 254-0645
_______________________________________________
Oslc-Core mailing list
Oslc-Core at open-services.net
http://open-services.net/mailman/listinfo/oslc-core_open-services.net
More information about the Oslc-Core
mailing list