OpenID/Oauth hybrid [was Re: specs Digest, Vol 27, Issue 3]
atom at yahoo-inc.com
Thu Nov 13 21:45:07 UTC 2008
Dirk Balfanz wrote:
> I don't think this is true - I believe the realm is sufficient. Let me
> try and explain. (We'll assume registered consumers.) On the approval
> page, we need to identify the consumer. In its current form, the spec
> basically assumes that you're gonna use the realm for that.
You're assuming that a realm has only one CK. A site might have multiple
consumer keys, with different scopes attached to them...
More information about the specs