Re: [OAUTH-WG] Mandatory-to-implement token type

[Leif Johansson]

5 dec 2011 kl. 00:34 skrev Blaine Cook <rom...@gmail.com>:

> On 4 December 2011 02:26, Mike Jones <michael.jo...@microsoft.com> wrote:
>> I strongly object to a mandatory-to-implement clause for the MAC scheme.  
>> They are unnecessary and market forces have shown that implementers do not 
>> want or need this kind of an authentication scheme.
> 
> I'd say that Twitter, Flickr, Dropbox and dozens of other sites that
> have shipped OAuth 1.0a (MAC) in production and for billions of
> requests per day is a pretty strong market force.
> 
> People (especially politically incentivised standards wonks) arguing
> on a mailing list isn't a strong market force, and there are far fewer
> successful APIs that use Bearer tokens. Which isn't to say that they
> won't, just to say that what you want and what's used in the wild are
> very different things. Or, citation needed.
> 
> 

Oauth 1.0a mac and 2.0 mac are not the same thing. Yours is an argument for 
backwards compat I think.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth