[oslc-core] OAuth and delegated UIs

Jim des Rivieres Jim_des_Rivieres at ca.ibm.com
Thu Jan 6 16:14:11 EST 2011

Since you mention the delegated UI sections, it bears noting that passing 
OAuth parameters to request URLs (whether by header, body, or embedded in 
the URL) does not make sense for web page URLs meant to be displayed in a 
web browser; e.g., picker URLs. OAuth 1.0 is not about authenticating a 
user in a browser talking to a server, but about authorizing servers 
talking between themselves.

Jim des Rivieres

Steve K Speicher <sspeiche at us.ibm.com>
oslc-core at open-services.net
01/06/2011 02:44 PM
[oslc-core] OAuth and delegated UIs
Sent by:
oslc-core-bounces at open-services.net

It would be desirable if OSLC Core spec were to recommend (SHOULD) that 
service providers be prepared to handle OAuth parameters embedded in the 
request URI [1]
If a provider of the delegated UIs didn't support this, it could just 
ignore it.   This would provide some improvements to usability where 
setting up single solutions may not be available.

I propose that we add this to the delegated UI sections (or maybe just the 

OAuth section)?

[1] - http://tools.ietf.org/html/rfc5849#section-3.5.3

Steve Speicher | IBM Rational Software | (919) 254-0645

Oslc-Core mailing list
Oslc-Core at open-services.net

More information about the Oslc-Core mailing list