On 2010-07-03, at 11:28 AM, Luke Shepard wrote: >> >>> > >>> > * We'd like the signature first (so you can left split instead of right >>> > split) >>> >>> What are the advantages of left split vs right split? >>> >>> Built in split function with a limit is more common, which makes the left >>> split easier. >> >> Size limit I am assuming? Since the size of the signature is known, this >> makes it safer to have it first? Makes sense to me. > > Sounds like we agree on this point at least.
sortof, I don't disagree :) > > The main reason is that it's easier to restrict the delimiter from appearing > in the signature than in the payload. This way the delimiter (period) can > show up in the payload and a left split can still work. if each string is base64url, then the period is always the separator I am still and advocate for a separate string which is the payload. I consider this mechanism to be more generic than OAuth request signatures. I think it can be used for OAuth tokens as well.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
