2010/1/14 Eran Hammer-Lahav <e...@hueniverse.com>:
> QUESTIONS: How do people feel about this? What are some other advantages and
> disadvantages of this approach?

The disadvantages you outlined massively outweigh the advantages.

I've had a persistent search for OAuth on Twitter for some time now, and anecdotally, people are "getting" it more, or the libraries are getting better. In that sense, I echo Dirk's sentiment here.

The signature in OAuth 1.0+ and in draft-hammer-http-token-auth is designed to break if someone implements something insecurely. The goal of these mechanisms is not to make it easy for people to authenticate insecurely. It's to make it as easy as possible (but no easier) to ensure secure authentication.

b.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth