MAC fixes the signing problems encountered in OAuth 1.0a, yes there are libraries out there for OAuth 1.0a. MAC fits in to the OAuth 2 auth model and will provide for a single codepath for sites that want to use both Bearer and MAC.
________________________________ From: Dick Hardt <dick.ha...@gmail.com> To: William Mills <wmills_92...@yahoo.com> Cc: "oauth@ietf.org" <oauth@ietf.org> Sent: Thursday, August 9, 2012 10:27 AM Subject: Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-http-mac-01 On Aug 9, 2012, at 9:52 AM, William Mills wrote: I find the idea of starting from scratch frustrating. MAC solves a set of specific problems and has a well defined use case. It's symmetric key based which doesn't work for some folks, and the question is do we try to develop something that supports both PK and SK, or finish the SK use case and then work on a PK based draft. > > >I think it's better to leave them separate and finish out MAC which is *VERY >CLOSE* to being done. Who is interested in MAC? People can use OAuth 1.0 if they prefer that model. For my projects, I prefer the flexibility of a signed or encrypted JWT if I need holder of key. Just my $.02 -- Dick
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
