On Thu, Nov 5, 2009 at 10:33 PM, Eran Hammer-Lahav <eran at hueniverse.com> wrote: > Do you need an RSA option for the “Basic Auth Alternative” case? Yes. I've been thinking of it as "role account authentication with OAuth", because that's the main place I see it being really useful. Here's how I would model it: - send an RSA-signed message to an authorization server - authorization server returns an access token (and possibly a secret) to the client - client uses the access token for data access Cheers, Brian
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.