I'm really not sure if it's worth it to start implementing WRAP as well, since it has been deprecated in favor of OAuth2 (http://wiki.oauth.net/OAuth-WRAP).
Maybe starting with the current OAuth2 spec draft and then adapting this once a new draft or the final spec is published, would be the better way to go. On a site note: we are currently planning on implementing inbound OAuth2 support into our forked php shindig here, which should be ready and comittable to the shindig trunk sometime end of august. Cheers Bastian Am 12.08.2010 um 09:18 schrieb John Hjelmstad: > Generally sounds fine to me. A few thoughts: > > 1. Is it expected that WRAP will simply be a subset of OAuth2 or will we > require a separate OAuth2 code path? > > 2. The messaging I've generally heard is that OAuth2 will pretty much > completely replace WRAP. In practice I doubt that will be the case in full, > which could mean we're stuck supporting barely-used code. Thoughts on this? > > 3. Can you give a sense (anecdotal is fine) of how widely used WRAP is these > days, ie. the value of supporting it for the code base? > > 4. How much new code do you expect in OAuthRequest, roughly? It seems that > class is already getting quite large... > > --j > > On Thu, Aug 12, 2010 at 12:08 AM, Brian Eaton <[email protected]> wrote: > >> Hey folks - >> >> I'm thinking about adding support for the OAuth WRAP protocol to Shindig. >> OAuth WRAP was an early predecessor to OAuth 2. OAuth 2 is still a moving >> target, but OAuth WRAP is final, and there are implementations in the wild. >> >> The relevant shindig code is all in OAuthRequest.java. This is entirely >> about outbound requests from Shindig, not inbound requests. >> >> OAuth WRAP is fairly similar to the Scalable OAuth Extension, which is >> already implemented in Shindig. >> >> I'd only implement the web app profile of OAuth WRAP; that's the only >> interesting one for gadgets. >> >> I'd expect the OAuth WRAP code to move readily to OAuth 2 once OAuth 2 is >> finalized. The web app profile has seen lots of parameter name changes, >> but >> the basic protocol steps have been constant for a few months now. >> >> The major functional gap between OAuth WRAP and OAuth2 is cryptographic >> signing; there are many key OpenSocial features that won't work until we've >> got a solid design for that. I'd expect OpenSocial to use one of the >> OAuth2 >> assertion profiles. At any rate, that work would not be done first. >> >> Thoughts on this? >> >> Cheers, >> Brian >> VZnet Netzwerke Ltd. || Saarbruecker Str. 38 || D - 10405 Berlin Tel: +49 (30) 4050427 513 Fax: Mobil: [email protected] http://www.studivz.net/bastian www.studivz.net, www.meinvz.net, www.schuelervz.net VZnet Netzwerke Limited, Registered Office Berlin, Registration Court Charlottenburg, HRB 101454 Executive Directors: Clemens Riedl, Thomas Baum Non-Executive Directors: Dr. Michael Brockhaus, Martin Weber, Claas van Delden Headquarters: VZnet Netzwerke Limited, 5 New Street Square, London EC4A 3TW, United Kingdom Companies House Cardiff No. 5607971, Place of Registration: England and Wales
