also, the oauth 2 abstract says the following so it seems confusing that oauth 1 is the proposed solution for mac:
This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849 <http://tools.ietf.org/html/rfc5849>. On Thu, Aug 9, 2012 at 12:53 PM, William Mills <wmills_92...@yahoo.com>wrote: > MAC fixes the signing problems encountered in OAuth 1.0a, yes there are > libraries out there for OAuth 1.0a. MAC fits in to the OAuth 2 auth model > and will provide for a single codepath for sites that want to use both > Bearer and MAC. > > ------------------------------ > *From:* Dick Hardt <dick.ha...@gmail.com> > *To:* William Mills <wmills_92...@yahoo.com> > *Cc:* "oauth@ietf.org" <oauth@ietf.org> > *Sent:* Thursday, August 9, 2012 10:27 AM > > *Subject:* Re: [OAUTH-WG] mistake in draft-ietf-oauth-v2-http-mac-01 > > > On Aug 9, 2012, at 9:52 AM, William Mills wrote: > > I find the idea of starting from scratch frustrating. MAC solves a set of > specific problems and has a well defined use case. It's symmetric key > based which doesn't work for some folks, and the question is do we try to > develop something that supports both PK and SK, or finish the SK use case > and then work on a PK based draft. > > I think it's better to leave them separate and finish out MAC which is > *VERY CLOSE* to being done. > > > Who is interested in MAC? People can use OAuth 1.0 if they prefer that > model. > > For my projects, I prefer the flexibility of a signed or encrypted JWT if > I need holder of key. > > Just my $.02 > > -- Dick > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
