[cap-talk] OAuth vs. CapDoc contrast
Jed Donnelley
capability at webstart.com
Tue Oct 2 02:24:09 EDT 2007
At 05:55 PM 10/1/2007, Karp, Alan H wrote:
>Jed wrote:
> >>
> >> "OAuth is intended to replace Basic authentication"
> >>
> > Hmmm. I see you're point. However, I don't think Blaine
> > was suggesting that an OAuth authorization is intended
> > to grant ambient user authority. You're right that is
> > what Basic Authentication does, but while OAuth may
> > be intended to replace Basic Authentication I believe
> > the intent is to do so with finer grain authorizations.
> >
>We'd better let Blaine answer, but his statement is pretty clear, and it
>explains the warning in Appendix B.9. That warning really surprised me
>because I thought they were doing read-only access to a single file.
I've bcc'ed this reply to Blaine Cook in case he has time
to reply. As far as I know he isn't on cap-talk. He
can of course review the history of this discussion
in the archive:
http://www.eros-os.org/mailman/listinfo/cap-talk
but I believe the above should suffice for comment.
--Jed http://www.webstart.com/jed-signature.html
More information about the cap-talk
mailing list