You may have noticed, on page 8 the host is listed as "example.net" - should be example.com, I believe. (draft v5)
All in all, I'm in support of the changes in v2. Certainly addresses my hesitations from v2.

skylar

On May 9, 2011, at 12:36 PM, Eran Hammer-Lahav wrote:

> (Please discuss this draft on the Apps-Discuss <apps-disc...@ietf.org> mailing list)
>
> http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token
>
> While this document has moved to the Apps-Discuss mailing list for the time being, I wanted to give a quick update to those who have been following this draft which originated on this list.
>
> The major changes since -02 are:
>
> * Removed OAuth terminology and association. The draft is now a general purpose HTTP authentication scheme. It does include an OAuth 2.0 binding which is described in less than a page. One suggestion would be to move section 5.1 into the OAuth specification and drop all the OAuth 2.0 text from the MAC draft.
>
> * Added 'Set-Cookie' extension for using MAC with session cookies.
>
> * Removed request URI query normalization. The new draft uses the raw request URI unchanged.
>
> * Replaced timestamps with credentials age to remove the need for clock sync.
>
> * Added a placeholder for extension, allowing random text to be included in the request and MAC.
>
> * Added issuer attribute for identifying the source of the credentials as an additional protection.
>
> Draft -04 is not compatible with previous drafts.
>
> EHL
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth