On Wed, Jul 7, 2010 at 7:49 PM, Eran Hammer-Lahav <e...@hueniverse.com>wrote:
> Can we get an updated document based on the feedback received? > Sure - I just got back from my vacation. I'll read through the thread and update the docs. Cheers, Dirk. > EHL > > > On 6/21/10 12:04 AM, "Dirk Balfanz" <balf...@google.com> wrote: > > </> </> Hi guys, > > > I think I owe the list a proposal for signatures. > > I wrote something down that liberally borrows ideas from Magic Signatures < > http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-00.html> > , SWT <http://groups.google.com/group/WRAP-WG/files> , and (even the name > from) JSON Web Tokens < > https://groups.google.com/group/WRAP-WG/browse_thread/thread/a99369c4b74d4cd0#> > . > > > Here is a short document (called "JSON Tokens") that just explains how to > sign something and verify the signature: > > http://docs.google.com/document/pub?id=1kv6Oz_HRnWa0DaJx_SQ5Qlk_yqs_7zNAm75-FmKwNo4 > > Here is an extension of JSON Tokens that can be used for signed OAuth > tokens: < > http://docs.google.com/document/pub?id=1JUn3Twd9nXwFDgi-fTKl-unDG_ndyowTZW8OWX9HOUU> > > > http://docs.google.com/document/pub?id=1JUn3Twd9nXwFDgi-fTKl-unDG_ndyowTZW8OWX9HOUU > > Here is a different extension of JSON Tokens that can be used for 2-legged > flows. The idea is that this could be used as a drop-in replacement for SAML > assertions in the OAuth2 assertion flow: > > http://docs.google.com/document/pub?id=1s4kjRS9P0frG0ulhgP3He01ONlxeTwkFQV_pCoOowzc > > I also have started to write some code < > http://code.google.com/p/jsontoken/source/browse/#svn/trunk/src/main/java/net/oauth/signatures> > to implement this as a proof-of-concept. > > Thoughts? Comments? > > Dirk. > > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
