> Aside/my $.02: This is a key issue which Salmon+Magic Signatures
> evades by essentially treating the HTTP request (the method, URL,
> headers, etc.) as advisory/transport hints, to be ignored when reading
> the data, and making sure the protocol works even if the data is sent
> via carrier pigeon; all important information must be contained in the
> signed, structured body. This is much much harder if you have to deal
> with totally arbitrary kinds of requests with arbitrary semantics.
>
> This also means that you're effectively using HTTP as a simple
> transport to move envelopes around, in much the same way you can use
> the ocean to transport messages in bottles around, but a bit more
> efficiently. I've banged my head against this a bit and have not come
> up with a better solution but if there is one I'd love to hear it.

+1

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth