Hi
What needs to be done to complete the MAC token spec ? Without having it
signed off it will be difficult to get people working with OAuth 1.0
convinced to move to 2.0.
I'm seeing another user request for getting OAuth 1.0 support extended
further because the user expects it is more secure, and I guess because
it is proven to work for people, and I guess because many OAuth 1.0
users feel that should stay from OAuth 2.0 because of some bad press.
Without MAC being completed the division will continue, with even more
misleading anti-OAuth2 posts appearing (though I guess some of the
better posts point to some level of complexity in 2.0).
Is it a matter of a security expert validating the text, fixing few
typos, and basically signing it off ?
If someone is interested then I can provide the info offline on how it
MAC supported in our framework to get things tested easily and such...
Cheers, Sergey
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
