donald.coffin (8/17/2012 4:52 PM): Assuming the definition of "bulk" and "batch" as described in John Teeter's definition. The current OAuth flow should be capable of handling the "batch" situation, since it requires the Data Custodian to only verify the authorization of a single user. The "bulk" situation requires the Data Custodian to verify the user has authorization to access the data of multiple Retail Customers. One method of achieving this would be for the Data Custodian to establish a "unique" UserID for the "bulk" user account which would then allow the "bulk" transfer transaction to utilize the same OAuth process as all other users. For the "bulk" user to gain access to various different Retail Customer's data, the Data Custodian would then be required to establish a technique that a Retail Customer can use to "grant" permission to the "bulk" user to access their data. The definition of this "granting" process is beyond the scope of the ESPI standard and therefore is NOT covered.
john.teeter1 (8/14/2012 3:31 PM): We had a brief discussion about "Batch" on OpenESPI call. While we didn't resolve the OAuth question directly, we figure there were two categories of things: "Batch" and "Bulk" where: Batch is the delivery of multiple resources under the auspices of a single Retail Customer's authorization. Bulk is the delivery of multiple resources under the auspices of 1 or more Retail Customer's authorization. I could do a "batch" request for multiple subscriptions owned by one user; or I might do a "bulk" request for multiple subscriptions each of which might be owned by different Retail Customers. The OAuth implications of the two (batch.vs.bulk) seem to be unique.