[cap-talk] OAuth vs. CapDoc contrast
Karp, Alan H
alan.karp at hp.com
Mon Oct 1 20:55:26 EDT 2007
Jed wrote:
>>
>> "OAuth is intended to replace Basic authentication"
>>
> Hmmm. I see you're point. However, I don't think Blaine
> was suggesting that an OAuth authorization is intended
> to grant ambient user authority. You're right that is
> what Basic Authentication does, but while OAuth may
> be intended to replace Basic Authentication I believe
> the intent is to do so with finer grain authorizations.
>
We'd better let Blaine answer, but his statement is pretty clear, and it
explains the warning in Appendix B.9. That warning really surprised me
because I thought they were doing read-only access to a single file.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list