On 2010-03-04, at 12:27 PM, Igor Faynberg wrote:

> Blaine Cook wrote:
>> - Why are signatures needed?
>
> 1) For authentication
>
> 2) For ensuring integrity
>
> 3) For non-repudiation

Those are the general capabilities of signatures. "Why does the Client need to sign the request / token?" is the full question. Which party are we worried about authenticating? What are we trying to ensure the integrity of? What statement requires non-repudiation?

>> - What do signatures need to protect?
>
> They protect against
>
> 1) Fraudulent access (which, in absence of proper mechanisms, may not
> even be considered legally fraudulent while making considerable damage)
>
> 2) Denial of a previous request.

I am confused by this statement. Would you elaborate?

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth