On Thu, May 20, 2010 at 11:34 PM, Eran Hammer-Lahav <e...@hueniverse.com>wrote:
> > > > -----Original Message----- > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > > Of Dirk Balfanz > > Sent: Thursday, May 20, 2010 4:39 PM > > To: OAuth WG > > Subject: [OAUTH-WG] proposal for factoring out request signing in OAuth 2 > > > > Hi guys, > > > > at today's interim meeting, we were discussing Brian Eaton's proposal for > > OAuth signatures. He was proposing a mechanism that would (1) do away > > with base string canonicalization, (2) allow for symmetric and public > keys, and > > (3) allow for extensibility. > > It doesn't get rid of the base string canonicalization; it just moves the > pieces around with different benefits and tradeoffs. It might be a better > rearrangement since it moves the complexity from the client to the server, > but your characterization is misleading. I'll wait for Brian to post his > proposal to the list before an in-depth discussion. > Sorry - I didn't mean to jump to conclusions about Brian's proposal. Do you agree, though, that my refactoring proposal is orthogonal to whether we'll agree to Brian's new signature scheme? Dirk. > > EHL >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
