Am 15.07.2010 08:25, schrieb Brian Eaton:
On Wed, Jul 14, 2010 at 11:02 PM, Torsten Lodderstedt
<tors...@lodderstedt.net> wrote:
why that? If there will be a signature proposal for resource server access,
the same (simplified?) model could be applied to the authz server's API.
Sure. Other folks have used signed URLs in this kind of protocol as
well: http://developer.yahoo.com/bbauth/user.html.
Why not write up your proposal as an alternate flow (right next to
"user-agent" and "web-server") and see whether other people will
implement it?
I already proposed such an alternative flow
(http://www.ietf.org/mail-archive/web/oauth/current/msg02112.html), but
did not gain support. I probably will give it another try once the WG
reached consensus regading a new signature mechanism.
It's not my current focus. There are more important open issue, e.g.
scope definition, resource server identification, and token revocation.
I just contributed my honest opinion to Eran's survey :-)
regards,
Torsten.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
