Ciao Luca :) thanks for your reply, since in the wiki page they say "We agreed to drop MD5, CRC32, and the likes from the spec due to security concerns. However, those signing algorithms should still be documented and will be supported by vendors so we might as well provide a consistent way of using them."
I was looking for some documentation just to have a look at those methods. Thanks!!! Simone On Wed, Apr 29, 2009 at 2:37 PM, Luca Mearelli <luca.meare...@gmail.com> wrote: > > hi, > > On Wed, Apr 29, 2009 at 11:56 AM, Simone Tripodi > <simone.trip...@gmail.com> wrote: >> I'd like to know more about signature methods extension mentione on >> the wiki page: >> >> http://wiki.oauth.net/SignatureMethods > > section 9 in the spec. defines the requirement for signatures but does > not mandate a specific signature method it rather describes an > algorithm to define the text to be signed (the "signature base > string") and "defines three signature methods: HMAC-SHA1, RSA-SHA1, > and PLAINTEXT, but Service Providers are free to implement and > document their own methods." i.e. Some service provider implementer > could choose to build his own signature method (e.g. using different > crypto) as long as it properly documents it but I honestly can't > remember any SP that has done so... > > anyhow it seems that the wiki page was calling for documenting in a > standard way the specific signature methods developed by the various > SPs (i noticed that the wiki page pre-dates the "OAuth Core 1.0" spec > which was published on Dec 4th 2007). > > ciao, > Luca > > > > -- http://www.google.com/profiles/simone.tripodi --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
