+1 for oath 2.0. On Thu, Aug 19, 2010 at 2:53 PM, Henry Saputra <henry.sapu...@gmail.com>wrote:
> I am +1 for going with OAuth 2.0 instead of WRAP. > > Looks like the OAuth WRAP is deprecated in favor of OAuth 2.0: > http://wiki.oauth.net/OAuth-WRAP so might as well spend good quality time > adding support for OAuth 2.0. > > - Henry > > On Mon, Aug 16, 2010 at 7:40 AM, Mark D Weitzel <weitz...@us.ibm.com> > wrote: > > > I'd like to see OpenSocial adopt OAuth 2.0 rather than WRAP. I'd go > > further and say that a good target for this to happen is OpenSocial 1.1 > > next, which is tentatively scheduled for June/July 2011. This allows us > to > > start building out the implementation now, in shindig extras, and allow > > that to be the prototype required by the OS dev. process. This also > allows > > the spec and the implementation to rely on an official standard. > > > > -Mark W. > > > > > > > > From: > > Brian Eaton <bea...@google.com> > > To: > > dev@shindig.apache.org > > Date: > > 08/13/2010 05:35 PM > > Subject: > > Re: OAuth WRAP client support in Shindig? > > > > > > > > On Thu, Aug 12, 2010 at 12:18 AM, John Hjelmstad <fa...@google.com> > wrote: > > > > > Generally sounds fine to me. A few thoughts: > > > > > > 1. Is it expected that WRAP will simply be a subset of OAuth2 or will > we > > > require a separate OAuth2 code path? > > > > > > > I think that WRAP is a subset of OAuth2, plus some parameter changes. > The > > basic web server flow has seen no fundamental changes. > > > > > > > 2. The messaging I've generally heard is that OAuth2 will pretty much > > > completely replace WRAP. In practice I doubt that will be the case in > > full, > > > which could mean we're stuck supporting barely-used code. Thoughts on > > this? > > > > > > > Could happen. > > > > 3. Can you give a sense (anecdotal is fine) of how widely used WRAP is > > these > > > days, ie. the value of supporting it for the code base? > > > > > > > Live at Microsoft, and at Google. Google is not widely documenting our > > WRAP > > support. We needed it for a few particular use cases, and it is being > > quietly used there. > > > > > > > 4. How much new code do you expect in OAuthRequest, roughly? It seems > > that > > > class is already getting quite large... > > > > > > I think this is the big question. > > > > The other question is if/when OpenSocial will adopt the OAuth2 crypto > > proposals. They've been dropped from the core spec due to lack of > > consensus, but I think we did arrive at something that OpenSocial will > > want > > some day. > > > > Cheers, > > Brian > > > > > > > -- Pablo Gra\~na Chief Architect Globant Arg Office: +54 (11) 4109 1743 UK Office: +44 (20) 7043 8269 int 8043 US Office: +1 (212) 400 7686 int 8043
