We need to get this into a proper draft (which I understand is on Dirk's list) 
and do a round of feedback before we promote this to a WG draft. I'm happy to 
help with editorial work if needed.

Given the wide range of use cases, I think we need to keep this work focused on 
the use cases driving it, and not try to make it too generic.

EHL



On Jul 10, 2010, at 14:00, Dick Hardt <dick.ha...@gmail.com> wrote:


On 2010-07-10, at 9:58 AM, Paul Tarjan wrote:

Hi OAuthers,

First of all, I think I should introduce myself. I work at Facebook on the 
Platform team (anything not facebook.com). Before this I was at Yahoo! doing 
SearchMonkey (semantic web stuff). I've written a few OAuth applications and 
libraries, both at Yahoo and in my spare time.

For Facebook apps we're going to use your signature scheme with the following 
changes:

I would hope you would think it is "our" signature scheme rather than "your" 
signature scheme


* the signature comes before the payload
* we used the key 'algorithm' instead of 'alg' and 'expires' instead of 
'not_before'

Good points to add to the discussion. Perhaps you would articulate why you made 
those choices?

* we aren't sending any keys except algorithm, expires, and oauth_token (since 
we're a special use case)

If you are a special use case, then not sure why there is any point in being a 
standard.
Assuming you meant "parameters" instead of "keys"? "key" has special meaning 
when you are discussing crypto.

* we named the parameter signed_request because it is the signed part of a 
request

Which parameter?


We would love if you could adopt those changes. Then you'd have a real world 
implementation out the door already :) We plan on launching July 20.

Er, we welcome feedback on the standard. Facebook can deploy whatever they want 
to deploy. An early implementation is useful to see what the issues might be. 
While possible, it is unlikely what you deploy will be the standard.


Paul

Sent from my iPhone

Thanks for letting us know what device you use.

-- Dick
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
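
Added example, not part of the thread and not any participant's or Facebook's code: a verifier for a signed_request value shaped as the message above describes (signature before the payload; parameters algorithm, expires and oauth_token). The dot separator, base64url encoding, HMAC-SHA256 computed over the encoded payload, the numeric expires timestamp, and the function names are assumptions that the thread does not state.

```python
import base64, hashlib, hmac, json, time

# Assumed wire format (not stated in the thread):
#   base64url(HMAC-SHA256(secret, payload_b64)) + "." + payload_b64
# where payload_b64 = base64url(JSON with algorithm, expires, oauth_token).

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_signed_request(claims: dict, secret: bytes) -> str:
    """Build a constructed sample value for exercising the verifier."""
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return _b64url_encode(sig) + "." + payload

def verify_signed_request(value: str, secret: bytes, now=None) -> dict:
    """Return the verified claims or raise ValueError."""
    now = time.time() if now is None else now
    try:
        sig_part, payload_part = value.split(".")  # signature comes first
        sig = _b64url_decode(sig_part)
    except Exception:
        raise ValueError("malformed signed_request") from None
    # Check the MAC before parsing any sender-controlled JSON. The MAC
    # algorithm is fixed here; the payload never selects it.
    expected = hmac.new(secret, payload_part.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    try:
        claims = json.loads(_b64url_decode(payload_part))
    except Exception:
        raise ValueError("malformed payload") from None
    if not isinstance(claims, dict):
        raise ValueError("malformed payload")
    # Reject anything whose declared algorithm differs from the one we used.
    if claims.get("algorithm") != "HMAC-SHA256":
        raise ValueError("unsupported algorithm")
    expires = claims.get("expires")
    if not isinstance(expires, (int, float)) or expires <= now:
        raise ValueError("expired or missing expires")
    return claims
```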