2

Greetings!

Say I have a fleet of mobile devices that are the consumers in a three-legged OAuth. The user authorizes each device, but then hands them over to other people. I would like to have these people then need an additional password to interact with the mobile device's protected resources.

Is there a standard, best practices way to do this? Could I use another, layered 2-legged OAuth, or should I do something else?

--Edit--

P.S. Since I posted this I discovered Twitter's "4-legged OAuth" for things like TwitPic, using a "delegator". This is a step towards answering my question, as it appears that OAuth can, in principle, be n-legged.

Are there other 4-legged and/or n-legged OAuth implementations floating around I can read over?

Thanks again,

  • The following two blog posts from Eran Hammer-Lahav are also helpful to this question: http://hueniverse.com/2009/03/taking-oauth-beyond-the-3rd-leg/ and http://hueniverse.com/2009/03/more-thoughts-on-oauth-access-sharing/ – phasetransitions Dec 17 '10 at 23:56

0 Answers