Re: [OAUTH-WG] Looking for a compromise on signatures and other open issues

On 2010-09-30, at 11:33 AM, Eran Hammer-Lahav wrote: >> -Original Message- >> From: Dick Hardt [mailto:dick.ha...@gmail.com] >> Sent: Thursday, September 30, 2010 7:45 AM > >> The suggested change does not address the issue that myself and others had >> raised with having signatures be i

Re: [OAUTH-WG] Looking for a compromise on signatures and other open issues

> -Original Message- > From: Dick Hardt [mailto:dick.ha...@gmail.com] > Sent: Thursday, September 30, 2010 7:45 AM > The suggested change does not address the issue that myself and others had > raised with having signatures be in the core. The suggestion was that having > signatures be a d

Re: [OAUTH-WG] Next steps (draft timeline)

The chairs sent a longer list of new items to consider. This does not replace that list but only focuses on the immediate next steps. EHL On Sep 30, 2010, at 8:38, "Torsten Lodderstedt" mailto:tors...@lodderstedt.net>> wrote: Bassically, your suggestion sounds reasonable to me. The only thing

[OAUTH-WG] OAuth leeloo V0.1

Hi, We're pleased to announce the release of a new OAuth V2.0 library - OAuth leeloo V0.1. It implements draft 10 of the OAuth spec. It allows to easily build Clients, Authorization Servers and Resource Servers. We've been using leeloo internally at one of our Web applications and as a part of a b

Re: [OAUTH-WG] Next steps (draft timeline)

Bassically, your suggestion sounds reasonable to me. The only thing I'm missing is discovery. As you pointed out in http://hueniverse.com/2010/09/oauth-2-0-without-signatures-is-bad-for-the-web/ this is a major enabler for interoperable APIs and motivates the need for signatures. Shouldn't we

Re: [OAUTH-WG] Looking for a compromise on signatures and other open issues

Note there will be three documents not two. The suggested change does not address the issue that myself and others had raised with having signatures be in the core. The suggestion was that having signatures be a different spec made them reusable by other groups and enabled a more comprehensive

Re: [OAUTH-WG] Looking for a compromise on signatures and other open issues

+1 While it's good to have one document, it's better to have two good documents instead of one that we're unhappy with. There'll be "Implementer's Guides" and "Tutorials" later who will do the job of explaining how to make sense of the two (which of course doesn't mean I'm advocating specificatio

Re: [OAUTH-WG] specification of authorization code properties

Thank you for your advice. The Oauth security considerations are not finished yet. They will handle the issues you raised, too. Regards, Torsten. Am 30.09.2010 um 01:33 schrieb PRATEEK MISHRA : > I read through v10 from the perspective of an implementor, and it seemed to > me that properties