[oauth] Re: Signing method for XRD
Thanks guys for great feedback!

Now I am feeling better in sticking with XML DSig. In the previous spec, we used XML DSig and it turned out that most people did not implement/use it. If the community feels better about XML DSig now than several years ago, that is very reassuring.

Thanks!

=nat

On Wed, 10 Jun 2009 08:44:06 -0700 (PDT), Zhihong zhih...@gmail.com wrote:
> SimpleSign had the same key rotation issue. Their solution is to add another Base64-encoded KeyInfo. That's problematic for us because KeyInfo is part of XMLDSig and it's not trivial to process without a library.
>
> So we implemented it without KeyInfo. To get around the key rotation issue, we don't check expiration on the cert. We only have a handful of partners using this and we accept the risks.
>
> Zhihong
>
> On Jun 10, 10:16 am, Love Hörnquist Åstrand l...@kth.se wrote:
> > How do you handle multiple signatures to enable key migration (key rollover, new and signature algs)?
> >
> > Love
> >
> > On 9 Jun 2009 at 23:43, Nat Sakimura wrote:
> > > Hi all:
> > >
> > > At XRI TC of OASIS Open, we are talking about the signing method for XRD. The current trend in the TC is to use a constrained form of XML DSig, which is found in the SAML Core spec. We are almost deciding on it, but I would like to hear from the community if it would be OK.
> > >
> > > The reason I ask this is that when we started to discuss the signing method for XRD back in November last year, we were hearing from the community that XML DSig is too complex and hard to use for some developers. That's why we came up with Simple Sign, which basically signs the blob without any canonicalization, e.g.,
> > >
> > >     <SXRD sig="signature" sigalg="http://www.w3.org/2000/09/xmldsig#rsa-sha1" certuri="pem file location" data="BASE64 of the payload" />
> > >
> > > Where:
> > >
> > > XRD/@data : Base64 encoded XRD to be signed.
> > > XRD/@sig : Signature taken over the original data (before Base64 encoding).
> > > XRD/@certuri : (Optional) Certificate location. Either XRD/@certuri or XRD/@certs MUST be present.
> > > XRD/@certs : (Optional) The content of x...@certuri. If both XRD/@certuri and XRD/@certs are present, XRD/@certs takes precedence.
> > > XRD/@sigalg : (Optional) Signature Algorithm. Defaults to rsa-sha1.
> > >
> > > When we started writing a spec on such a thing, we found that we were rewriting a lot of things that are already in XML DSig.
> > >
> > > As a result, XML DSig with a new canonicalization method=no-canonicalization was discussed and in the end, it seems the discussion precipitated to "After all, constrained XML DSig would be good enough."
> > >
> > > Theoretically, it looks good. The remaining question is then the reality check, such as:
> > >
> > > Is it widely implementable, in each scripting language and hosting environment including Google AppEngine, Force.com, etc.?
> > > Would the community feel that this is simple enough?
> > >
> > > I would appreciate your insight/opinion/input into this matter.
> > >
> > > Best,
> > >
> > > --
> > > Nat Sakimura (=nat)
> > > http://www.sakimura.org/en/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups OAuth group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~--~~~~--~~--~--~---
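An added illustration of the Simple Sign scheme described in the quoted message above, not code from the thread or from any XRD implementation: the signature covers the raw XRD bytes and `data` carries those bytes as Base64, so a copy that was merely re-indented no longer verifies. The `Envelope` type, the function names, Base64 encoding of `sig` and the sample XRD are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
)

var b64 = base64.StdEncoding

// Envelope: hypothetical type for XRD/@data and XRD/@sig (Base64 for Sig is assumed).
type Envelope struct{ Data, Sig string }

// Sign takes the rsa-sha1 signature over the raw XRD bytes, before Base64 encoding.
func Sign(key *rsa.PrivateKey, xrd []byte) (Envelope, error) {
	h := sha1.Sum(xrd)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, h[:])
	return Envelope{b64.EncodeToString(xrd), b64.EncodeToString(sig)}, err
}

// Verify checks Sig over exactly the decoded Data bytes: no canonicalization.
func Verify(pub *rsa.PublicKey, e Envelope) ([]byte, error) {
	xrd, err1 := b64.DecodeString(e.Data)
	sig, err2 := b64.DecodeString(e.Sig)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("data or sig is not valid Base64")
	}
	h := sha1.Sum(xrd)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA1, h[:], sig); err != nil {
		return nil, err
	}
	return xrd, nil // only bytes that passed verification are returned
}

// Demo signs a constructed XRD, then swaps in a re-indented copy of it.
func Demo() (verbatimOK, reindentedOK bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway demo key
	if err != nil {
		return false, false, err
	}
	env, err := Sign(key, []byte("<XRD><Subject>http://example.com/</Subject></XRD>"))
	_, errA := Verify(&key.PublicKey, env)
	env.Data = b64.EncodeToString([]byte("<XRD>\n<Subject>http://example.com/</Subject>\n</XRD>"))
	_, errB := Verify(&key.PublicKey, env)
	return errA == nil, errB == nil, err
}
func main() { fmt.Println(Demo()) }
```

The verifier hands back only the bytes it checked, so a consumer parses the XRD from `Verify`'s return value rather than from a separately transported copy.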
[oauth] Re: Fix maven dependencies
I'll do that. Thanks for pointing it out.

On Jun 11, 7:52 am, bowa bruno.w...@gmail.com wrote:
> Can someone with svn commit rights to the google code project change this and put a new build on the maven repo please?
>
> thanks,
> bruno
[oauth] Re: problem with maven2
I corrected this, in version 20090531. I'm sorry I caused you difficulty.
[oauth] How to get oauth_token and oauth_token_secret for users without going to tweet.com for Deny/Allow process
Hi

I am having code to post message on tweet.com from my site using OAUTH. The objective to use oauth is display source name as my sitename (i.e. from Redcounty.com) not from web.

My problem is I don't want to go twitter.com for 1) Login and 2) Deny/Allow process.

So in nutshell I want to generate oauth_token and oauth_token_secret for users without going to tweet.com, i.e. approval for Allow and Deny can be done from my site (redcounty.com) using API like I used to do for normal login using verify_credentials.xml.

I got script from http://www.jaisenmathai.com/blog/2009/03/31/how-to-quickly-integrate-with-twitters-oauth-api-using-php/

Currently I kept script on http://www.redcounty.com/twitteroauth/start.php

Please help me to make this script functional.

Thanks
[oauth] Re: Simplify OAuthCredentials
Done, in -r1052 of the Java library http://oauth.googlecode.com/svn/code/java/core/httpclient4/

Thanks for the suggestion.

On Jun 8, 12:01 pm, Paul Austin paul.d.aus...@gmail.com wrote:
> Could a new constructor be added which just accepted a consumerKey and consumerSecret and automatically created the accessor. This would be useful for the 2-legged case.
[oauth] OAuth Core 1.0 Rev A status
Have there been any updates on the status of 1.0 Rev A since draft 3 was published? It seemed like it was going to get finalized on the 27th of May according to this message http://groups.google.com/group/oauth/msg/de5169bc5ba6bcee. But there haven't been any formal announcements or anything else.

Thanks for the info,
Rich
[oauth] Re: OAuth Core 1.0 Rev A status
It is final. Just didn't get around to post it yet.

EHL

On 6/12/09 4:28 PM, rwallace rwallace1...@gmail.com wrote:
> Have there been any updates on the status of 1.0 Rev A since draft 3 was published? It seemed like it was going to get finalized on the 27th of May according to this message http://groups.google.com/group/oauth/msg/de5169bc5ba6bcee. But there haven't been any formal announcements or anything else.
>
> Thanks for the info,
> Rich
[oauth] Re: problem with maven2
Hi

Where to get version 20090531. Please give me link url link for it.

On Fri, Jun 12, 2009 at 9:55 PM, John Kristian jmkrist...@gmail.com wrote:
> I corrected this, in version 20090531. I'm sorry I caused you difficulty.

--
Regards
Mandakini
[oauth] Re: Simplify OAuthCredentials
Hi

Thanks for your quick response. Any luck to get code in php? Or concept how to do it?

On Fri, Jun 12, 2009 at 10:14 PM, John Kristian jmkrist...@gmail.com wrote:
> Done, in -r1052 of the Java library http://oauth.googlecode.com/svn/code/java/core/httpclient4/
>
> Thanks for the suggestion.
>
> On Jun 8, 12:01 pm, Paul Austin paul.d.aus...@gmail.com wrote:
> > Could a new constructor be added which just accepted a consumerKey and consumerSecret and automatically created the accessor. This would be useful for the 2-legged case.

--
Regards
Mandakini