Re: [OAUTH-WG] FYI, UMA webinar followup

2010-01-29 Thread Eve Maler
Hi-- We had a bit of a glitch in the half-hour before the webinar, and sent out fresh notification emails. It sounds like you didn't get yours, for which I'm very sorry! We had about 20 people on. There will be a recording (audio/video) available soon -- I'll alert this list at that time -- a

[OAUTH-WG] exclude hostname and port number from normalized string

2010-01-29 Thread Gaurav Rastogi
This proposal is to allow use of the same token to access multiple protected resources across different servers. At minimum, making it optional would help in a wide variety of media delivery use cases. Proposal details: Exclude hostname and port number in normalized request string creation. Another possib

Re: [OAUTH-WG] FYI, UMA webinar followup

2010-01-29 Thread Tschofenig, Hannes (NSN - FI/Espoo)
I registered for the seminar, got the bridge info, dialed in and nobody was there. Are there slides available? >-Original Message- >From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] >On Behalf Of ext Eve Maler >Sent: 25 January, 2010 14:03 >To: OAuth WG >Subject: [OAUTH-WG] F

Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-01-29 Thread Hurliman, John
I'm fine with letting the market decide whether to use SSL or implement their own crypto in libraries (I know our implementations will choose SSL-only), but that means we'll be going from fully compliant with OAuth WRAP to partially compliant with OAuth 2.0 by making the same choices. Some conce

Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-01-29 Thread Eran Hammer-Lahav
> -Original Message- > From: Luke Shepard [mailto:lshep...@facebook.com] > Sent: Thursday, January 28, 2010 11:55 PM > > We have no business telling servers what they MUST implement (they > > might consider S-Plain too weak for their needs) > > Of all the negatives I listed below about S

Re: [OAUTH-WG] terminology

2010-01-29 Thread David Recordon
Of course. :) On Fri, Jan 29, 2010 at 12:13 AM, Eran Hammer-Lahav wrote: > Hopefully by 1.0 you mean draft-hammer-oauth, not the community edition > with its “Consumer Key” and other inventions. > > > > EHL > > > > *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf > Of *Da

Re: [OAUTH-WG] terminology

2010-01-29 Thread Eran Hammer-Lahav
Hopefully by 1.0 you mean draft-hammer-oauth, not the community edition with its "Consumer Key" and other inventions. EHL From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of David Recordon Sent: Thursday, January 28, 2010 10:35 PM To: Peter Saint-Andre; Luke Shepard Cc: OA

Re: [OAUTH-WG] Discussion of SSL as the primary means for OAuth communication

2010-01-29 Thread Eran Hammer-Lahav
For one, we know never to assume that SSL is implemented correctly (not in terms of the libraries but how certificate exceptions are handled and how its defenses can be compromised). S-Plain also exposes the secret to intermediaries while signatures can pass through without being compromised. I