Re: [OAUTH-WG] signatures, v2

2010-07-23 Thread Dirk Balfanz
On Thu, Jul 22, 2010 at 3:01 PM, Torsten Lodderstedt < tors...@lodderstedt.net> wrote: > > On Sun, Jul 18, 2010 at 8:20 AM, Torsten Lodderstedt < > tors...@lodderstedt.net> wrote: > >> Hi Dirk, >> >> I have some questions concerning your proposal: >> >> - As far as I understand, the difference to

Re: [OAUTH-WG] signatures, v2

2010-07-23 Thread Dirk Balfanz
On Wed, Jul 21, 2010 at 1:26 AM, Nat Sakimura wrote: > Hi Dirk, > > Inline: > > On Tue, Jul 20, 2010 at 9:22 AM, Dirk Balfanz wrote: > > > > > > On Sun, Jul 18, 2010 at 8:20 AM, Torsten Lodderstedt > > wrote: > >> > >> Hi Dirk, > >> > >> I have some questions concerning your proposal: > >> > >>

Re: [OAUTH-WG] signatures, v2

2010-07-22 Thread Torsten Lodderstedt
On Sun, Jul 18, 2010 at 8:20 AM, Torsten Lodderstedt <tors...@lodderstedt.net> wrote: Hi Dirk, I have some questions concerning your proposal: - As far as I understand, the difference to "magic signatures" lies in the usage of a JSON token carrying issuer, not_before,

Re: [OAUTH-WG] signatures, v2

2010-07-22 Thread Greg Brail
*To:* 'OAuth WG' *Subject:* RE: [OAUTH-WG] signatures, v2 I apologize since I have a feeling that this decision was made long ago but I'd like to understand... OAuth 1.0 had a secret associated with every token and used an HMAC to generate the signature. So, there is no way

Re: [OAUTH-WG] signatures, v2

2010-07-22 Thread Greg Brail
.@ietf.org] *On Behalf Of *Dirk Balfanz *Sent:* Thursday, July 15, 2010 8:44 PM *To:* OAuth WG *Subject:* [OAUTH-WG] signatures, v2 Hi guys, after reading through the feedback, we did a pass over the OAuth signature proposals. As a reminder, there are three documents: - a document (called

Re: [OAUTH-WG] signatures, v2

2010-07-21 Thread Nat Sakimura
On Wed, Jul 21, 2010 at 8:27 PM, Ben Laurie wrote: > On 16 July 2010 01:43, Dirk Balfanz wrote: >> Hi guys, >> after reading through the feedback, we did a pass over the OAuth signature >> proposals. >> As a reminder, there are three documents: >> - a document (called "JSON Tokens") that just exp

Re: [OAUTH-WG] signatures, v2

2010-07-21 Thread Ben Laurie
On 16 July 2010 01:43, Dirk Balfanz wrote: > Hi guys, > after reading through the feedback, we did a pass over the OAuth signature > proposals. > As a reminder, there are three documents: > - a document (called "JSON Tokens") that just explains how to sign something > and verify the signature: > h

Re: [OAUTH-WG] signatures, v2

2010-07-21 Thread Nat Sakimura
On Wed, Jul 21, 2010 at 5:26 PM, Nat Sakimura wrote: > Hi Dirk, > > Inline: > > On Tue, Jul 20, 2010 at 9:22 AM, Dirk Balfanz wrote: >> >> >> On Sun, Jul 18, 2010 at 8:20 AM, Torsten Lodderstedt >> wrote: >>> >>> Hi Dirk, >>> >>> I have some questions concerning your proposal: >>> >>> - As far a

Re: [OAUTH-WG] signatures, v2

2010-07-21 Thread Nat Sakimura
Hi Dirk, Inline: On Tue, Jul 20, 2010 at 9:22 AM, Dirk Balfanz wrote: > > > On Sun, Jul 18, 2010 at 8:20 AM, Torsten Lodderstedt > wrote: >> >> Hi Dirk, >> >> I have some questions concerning your proposal: >> >> - As far as I understand, the difference to "magic signatures" lies in the >> usag

Re: [OAUTH-WG] signatures, v2

2010-07-19 Thread Dirk Balfanz
On Sun, Jul 18, 2010 at 8:20 AM, Torsten Lodderstedt < tors...@lodderstedt.net> wrote: > Hi Dirk, > > I have some questions concerning your proposal: > > - As far as I understand, the difference to "magic signatures" lies in the > usage of a JSON token carrying issuer, not_before, not_after and a

Re: [OAUTH-WG] signatures, v2

2010-07-18 Thread Torsten Lodderstedt
Hi Dirk, I have some questions concerning your proposal: - As far as I understand, the difference to "magic signatures" lies in the usage of a JSON token carrying issuer, not_before, not_after and audience. While such properties are important for security tokens (assertions), I cannot see an

Re: [OAUTH-WG] signatures, v2

2010-07-15 Thread Dick Hardt
On 2010-07-15, at 6:45 PM, Naitik Shah wrote: > On Thu, Jul 15, 2010 at 5:43 PM, Dirk Balfanz wrote: > > One question: What's the deal with having the signature go first? If you can > explain to me why that is a good idea, I'm happy to oblige. > > > When we were talking about base64url or no

Re: [OAUTH-WG] signatures, v2

2010-07-15 Thread Naitik Shah
On Thu, Jul 15, 2010 at 5:43 PM, Dirk Balfanz wrote: > > One question: What's the deal with having the signature go first? If you > can explain to me why that is a good idea, I'm happy to oblige. > > When we were talking about base64url or not, putting the signature before the dot meant it was ok

[OAUTH-WG] signatures, v2

2010-07-15 Thread Dirk Balfanz
Hi guys, after reading through the feedback, we did a pass over the OAuth signature proposals. As a reminder, there are three documents: - a document (called "JSON Tokens") that just explains how to sign something and verify the signature: http://docs.google.com/document/pub?id=1kv6Oz_HRnWa0DaJx