OpenID/Oauth hybrid [was Re: specs Digest, Vol 27, Issue 3]
Martin Atkins
mart at degeneration.co.uk
Wed Dec 3 05:00:51 UTC 2008
Allen Tom wrote:
>
> For the time being, we prefer to require CKs for client applications
> (even if they can't be verified) mostly to make it easy for us to pull
> the plug on specific applications if they are discovered to be severely
> buggy or dangerous. We'd also like to require pre-registration of CKs so
> that we know who to contact about a particular app if we have any questions.
>
If I make a dangerous app using the consumer key from a popular
application, would you black list that key and inconvenience all of its
users?
(I doubt it.)
More information about the specs
mailing list