This whole cookie thing is a 'a bit hacky'... that's part of what we're working with... :-)
EHL > -----Original Message----- > From: Manger, James H [mailto:james.h.man...@team.telstra.com] > Sent: Tuesday, June 14, 2011 10:39 PM > To: Eran Hammer-Lahav; oauth > Subject: RE: [OAUTH-WG] FW: MAC: Cookie name or value as MAC key id > > >> How does the server know if a particular request with a > >> "Authorization: MAC ..." header is using credentials from OAuth 2.0 or > from Set-Cookie? > > > This should be pretty easy to resolve with a common-sense deployment > and key identifiers. > > You are right, Eran. Though putting a cookie-name in a key id field is a bit > hacky, in practice a server can work this out with a little bit of code, > perhaps a > little config, and a little bit of sense choosing names. > > I withdraw my suggestion for using the cookie-value as the key id. > > -- > James Manger _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
