[oslc-core] OAuth and delegated UIs

Jim des Rivieres Jim_des_Rivieres at ca.ibm.com
Thu Jan 6 16:14:11 EST 2011


Since you mention the delegated UI sections, it bears noting that passing 
OAuth parameters to request URLs (whether by header, body, or embedded in 
the URL) does not make sense for web page URLs meant to be displayed in a 
web browser; e.g., picker URLs. OAuth 1.0 is not about authenticating a 
user in a browser talking to a server, but about authorizing servers 
talking between themselves.

Regards,
Jim des Rivieres



From:
Steve K Speicher <sspeiche at us.ibm.com>
To:
oslc-core at open-services.net
Date:
01/06/2011 02:44 PM
Subject:
[oslc-core] OAuth and delegated UIs
Sent by:
oslc-core-bounces at open-services.net



It would be desirable if OSLC Core spec were to recommend (SHOULD) that 
service providers be prepared to handle OAuth parameters embedded in the 
request URI [1]
If a provider of the delegated UIs didn't support this, it could just 
ignore it.   This would provide some improvements to usability where 
setting up single solutions may not be available.

I propose that we add this to the delegated UI sections (or maybe just the 

OAuth section)?

[1] - http://tools.ietf.org/html/rfc5849#section-3.5.3

Thanks,
Steve Speicher | IBM Rational Software | (919) 254-0645


_______________________________________________
Oslc-Core mailing list
Oslc-Core at open-services.net
http://open-services.net/mailman/listinfo/oslc-core_open-services.net






More information about the Oslc-Core mailing list