Hi Dirk, Inline:
On Tue, Jul 20, 2010 at 9:22 AM, Dirk Balfanz <balf...@google.com> wrote: > > > On Sun, Jul 18, 2010 at 8:20 AM, Torsten Lodderstedt > <tors...@lodderstedt.net> wrote: >> >> Hi Dirk, >> >> I have some questions concerning your proposal: >> >> - As far as I understand, the difference to "magic signatures" lays in the >> usage of a JSON token carrying issuer, not_before, not_after and audience. >> While such properties are important for security tokens (assertions), I >> cannot see an advantage of using this format for signatures of HTTP >> requests. Would you please explain? > > You mean advantage over magic signatures? It's really a similar idea - it's > just that magic signatures as is don't quite fit the bill. For example, they > have newlines in > them: http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-00.html#anchor5 Well, they MAY, but they do not have to. Would not profiling Magic Signatures so that it does not contain newlines do? -- Nat Sakimura (=nat) http://www.sakimura.org/en/ http://twitter.com/_nat_en _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
