I wish this went into more detail about how to actually secure the WS with OAuth2, and not so much about how OAuth2 can be used to grant clients access to protected resources. What about actually securing the WS endpoints when a user account isn't needed, such as a REST endpoint for user-creation or other non-user related operation?
I dont get your point, every functionality exposed with REST endpoint is accessible from a user of some kind, one of the point of OAuth2 is the profiling, create your profile (User, admin, superuser.. administration.. whatever..) and assign to them the set of access point (resources) they can access..
if you attended springone2gx, you can access the slides now, you should have gotten an email to that effect. We'll have a page on SpringSource website soon where the slides will be available.