I would like to see the signatures stay in a separate spec, but to be worked on and released along side of the core spec.
In fact, I think that there's more than one kind of "signature" that can be used with the OAuth token mechanisms. At IIW East, we walked through several use cases that called for different kinds of signatures to support them: signed tokens and signed requests. I have direct uses for the signed request mechanism (a la OAuth 1.0, 2-legged and otherwise), and I have seen others with compelling use cases for signed tokens. -- Justin On Thu, 2010-09-23 at 21:43 -0400, Eran Hammer-Lahav wrote: > Since much of this recent debate was done off list, I'd like to ask people > to simply express their support or objection to including a basic signature > feature in the core spec, in line with the 1.0a signature approach. > > This is not a vote, just taking the temperature of the group. > > EHL > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
