Hi All,
I'm looking in more detail to the oAuth improvements scheduled for 0.1.0.
Currently, oAuth provisioning is implemented by Shindig which registers an
oAuth servlet that supports generating the request tokens, authorizing tokens
and exchanging request for access tokens. Despite the fact that this is not yet
completely implemented (i.e. three legged oAuth is not yet supported), we need
to think about how we should position oAuth support in Amdatu.
In my opinion, oAuth support (client-side and server-side) should be
implemented completely independent from OpenSocial, Shindig, Gadgets, etc. Any
(REST, gadget. etc) service should be able to authenticate consumers against
oAuth and register itself as an oAuth provider. Consumers might be gadgets but
could very well be other REST or OSGi services.
So my proposal would be to move oAuth to a separate independent oAuth bundle
and from the opensocial project to the amdatu-authorization project. oAuth
actually is about authentication, not authorization, but that is more of a
naming issue of the project I think ('amdatu-authorization&authentication'). It
certainly doesn't belong to amdatu-opensocial or amdatu-web, and also not in
amdatu-core I think. Furthermore, I would like to use the net.oauth library in
that bundle (not Scribe since it doesn't support oAuth provisioning). See also
issue http://jira.amdatu.org/jira/browse/AMDATU-181
What do you think?
Regards, Ivo
GX | Ivo Ladage-van Doorn | Product Architect | Wijchenseweg 111 | 6538 SW
Nijmegen | The Netherlands | T +31(0)24 - 388 82 61 | F +31(0)24 - 388 86 21 |
ivo.ladage-vandoorn at gxsoftware.com<mailto:ivo.ladage-vandoorn at
gxsoftware.com> | www.gxsoftware.com<http://www.gxsoftware.com> |
twitter.com/GXSoftware<http://twitter.com/GXSoftware>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.amdatu.org/pipermail/amdatu-developers/attachments/20101116/3f502a40/attachment.html
