On Fri, Jun 25, 2010 at 10:49 AM, Luke Shepard <lshep...@facebook.com> wrote:
> Brian, Dirk - just wondering if you had thoughts here?
>
> The only strong reason I can think of for base64 encoding is that it allows
> for a delimiter between the body and the signature. Is there any other reason?
Without base64 encoding we have to define canonicalization procedures
around spaces and we still have to URL encode separator characters
such as {. There is also the risk that developers might be confused
whether the URL encoding is to be performed before or after
computation of the signature. If you say that the signature is
computed on the base64 encoded blob, there's less scope for confusion
and interoperability issues.
>
> On Jun 24, 2010, at 11:33 AM, Naitik Shah wrote:
>
>> I've been following some of the discussions wrt the new Signature proposal,
>> and I think I get the reason for needing Base64, but wasn't quite sure if I
>> understood it correctly (allows the use of a separator?). Would someone mind
>> elaborating?
>>
>> The payload looks is urlencode(web_base64(json_encode(data))) -- and the
>> urlencode in this case should be an identity function.
>>
>> I'm wondering if urlencode(json_encode(data)) would be acceptable.
>>
>>
>> Thanks,
>> -Naitik
>> <ATT00001..txt>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
--
Breno de Medeiros
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
