- From: Phil Hunt <phil.hunt@oracle.com>
- Date: Wed, 8 Jun 2011 13:32:53 -0700
- To: Nico Williams <nico@cryptonector.com>
- Cc: public-web-security@w3.org
Nico, I've been reading your draft and attended your presentation at W3C. Trying to understand how this compares and/or complements OAuth. While different (and interesting), it still seems to involve multiple request/response exchanges much like OAuth 2-leg flows. There also seems to be an implication that the REST endpoint must be relative to the resource being accessed. OAuth's token and authorization end-points can be decoupled allowing for centralization of token services. OAuth seems to have more flexibility and a broader pattern. Thoughts? Phil @independentid www.independentid.com phil.hunt@oracle.com On 2011-06-06, at 7:03 PM, Nico Williams wrote: > http://www.ietf.org/id/draft-williams-rest-gss-00.txt >
Received on Wednesday, 8 June 2011 21:33:48 UTC