On 2010-06-21, at 11:03 PM, David Recordon wrote: > Thanks for writing this. A few questions... > > Do we need both `issuer` and `key_id`? Shouldn't we use `client_id` > instead at least for OAuth?
it is the ID of the key, not the client -- used to rollover keys > Does "websafe-base64-encoded" mean that I can't just blindly use my > languages built in base64 encode function? correct -- but a growing number of languages are supporting websafe > > Don't we still have the more fundamental question to answer about > decoupling what's being signed from the underlying HTTP request? I have no idea what you mean by this question -- Dick _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth