[OAUTH-WG] proposal for signatures

2010-06-21 Thread Dirk Balfanz
Hi guys, I think I owe the list a proposal for signatures. I wrote something down that liberally borrows ideas from Magic Signatures http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-00.html, SWT http://groups.google.com/group/WRAP-WG/files, and (even the name from) JSON Web

Re: [OAUTH-WG] proposal for signatures

2010-06-21 Thread Ben Laurie
On 21 June 2010 08:04, Dirk Balfanz balf...@google.com wrote: Hi guys, I think I owe the list a proposal for signatures. I wrote something down that liberally borrows ideas from Magic Signatures, SWT, and (even the name from) JSON Web Tokens. Here is a short document (called JSON Tokens) that

Re: [OAUTH-WG] proposal for signatures

2010-06-21 Thread Nat Sakimura
Hi Dirk, In addition to Ben's questions, I have another. For X.509, you seem to be using DER. How do you express the entire certificate chain using DER? (With PEM, you can just concatenate ... ) And here is some comments: If body_hash is not used, it seems it is just doing the client

Re: [OAUTH-WG] Status update

2010-06-21 Thread Thomas Hardjono
Another newbie question: what is the technical reason for NOT including an oauth protocol version number? Including protocol version numbering is the norm in most/all IETF protocols. Also exchange types, cipher types, etc. etc. /thomas/ From:

Re: [OAUTH-WG] proposal for signatures

2010-06-21 Thread Dick Hardt
Thanks for writing this up Dirk. I would suggest that the token be: payload . envelope . signature This enables the payload to be encrypted and independent from the envelope. Token signing, verification, encryption and decryption code can then be generic and not understand the

Re: [OAUTH-WG] proposal for signatures

2010-06-21 Thread Nat Sakimura
On Mon, Jun 21, 2010 at 10:26 PM, Ben Laurie b...@google.com wrote: On 21 June 2010 14:22, Nat Sakimura sakim...@gmail.com wrote: Hi Dirk, In addition to Ben's questions, I have another. For X.509, you seem to be using DER. How do you express the entire certificate chain using DER? (With

Re: [OAUTH-WG] proposal for signatures

2010-06-21 Thread Ben Laurie
On 21 June 2010 16:33, Nat Sakimura sakim...@gmail.com wrote: On Mon, Jun 21, 2010 at 10:26 PM, Ben Laurie b...@google.com wrote: On 21 June 2010 14:22, Nat Sakimura sakim...@gmail.com wrote: Hi Dirk, In addition to Ben's questions, I have another. For X.509, you seem to be using DER. How do

Re: [OAUTH-WG] proposal for signatures

2010-06-21 Thread Brian Eaton
On Mon, Jun 21, 2010 at 7:43 AM, Dick Hardt dick.ha...@gmail.com wrote: Thanks for writing this up Dirk. I would suggest that the token be: payload . envelope . signature This enables the payload to be encrypted and independent from the envelope. Token signing, verification, encryption and

Re: [OAUTH-WG] proposal for signatures

2010-06-21 Thread Justin Smith
I'm not emphatic about either, but my vote is to remove the envelope. -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Eaton Sent: Monday, June 21, 2010 9:49 AM To: Dick Hardt Cc: OAuth WG Subject: Re: [OAUTH-WG] proposal for signatures

Re: [OAUTH-WG] proposal for signatures

2010-06-21 Thread Dick Hardt
A couple of advantages of separating: 1) everything but the envelope data (key_id, signer, algorithm) gets encrypted 2) if the encrypted data is an object in the JSON, then it has been base64 encoded, and then gets base64 encoded again. Much more efficient to include the base64 encoded binary of
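The payload . envelope . signature layout Dick suggests, worked through as an added example (this code is not from the thread or from any of the proposals it discusses). The envelope field names key_id, signer and algorithm are the ones named in his message; everything else is assumed for the demo: HMAC-SHA256 as the signing algorithm, a key table looked up by key_id, and a constructed byte string standing in for the encrypted payload (a real implementation would produce it with a cipher). The second function pair measures his efficiency point, the token that carries the ciphertext as one base64url segment against the one that base64-encodes it into a JSON field and then base64-encodes the whole object again.

```python
"""Added illustration of a payload.envelope.signature token.

Assumptions (not fixed by the mailing-list thread): HMAC-SHA256 as the
algorithm, keys selected by key_id from a dict, and a constructed blob in
place of real ciphertext.
"""
import base64
import hashlib
import hmac
import json


def b64url_encode(data: bytes) -> str:
    """base64url without padding, the usual token-segment encoding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_envelope(envelope: dict) -> str:
    # sort_keys gives a canonical encoding so the signed bytes are stable
    return b64url_encode(json.dumps(envelope, separators=(",", ":"),
                                    sort_keys=True).encode("utf-8"))


def make_token(ciphertext: bytes, envelope: dict, key: bytes) -> str:
    """Build payload.envelope.signature.

    The payload segment is the raw ciphertext base64url-encoded once.  The
    envelope (key_id, signer, algorithm) stays in the clear so a verifier
    can choose the key before touching the payload.  The signature covers
    both preceding segments, so neither can be swapped independently.
    """
    payload_seg = b64url_encode(ciphertext)
    env_seg = encode_envelope(envelope)
    signing_input = f"{payload_seg}.{env_seg}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()  # assumed alg
    return f"{payload_seg}.{env_seg}.{b64url_encode(sig)}"


def verify_token(token: str, keys: dict):
    """Return (ciphertext, envelope) or raise ValueError.

    Order matters: parse the envelope, pin the algorithm, select the key by
    key_id, then check the signature in constant time.  The payload bytes
    are handed back opaque; decrypting them is a separate, generic step.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    payload_seg, env_seg, sig_seg = parts
    envelope = json.loads(b64url_decode(env_seg))
    if envelope.get("algorithm") != "HMAC-SHA256":
        raise ValueError("unsupported algorithm")
    key = keys.get(envelope.get("key_id"))
    if key is None:
        raise ValueError("unknown key_id")
    expected = hmac.new(key, f"{payload_seg}.{env_seg}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_seg)):
        raise ValueError("bad signature")
    return b64url_decode(payload_seg), envelope


def separated_size(ciphertext: bytes, envelope: dict) -> int:
    """Bytes used by payload.envelope when the ciphertext is its own segment."""
    return len(b64url_encode(ciphertext)) + 1 + len(encode_envelope(envelope))


def nested_json_size(ciphertext: bytes, envelope: dict) -> int:
    """Bytes used when the ciphertext is base64'd into a JSON field and the
    whole object is then base64'd again as the single payload segment."""
    obj = dict(envelope, encrypted=b64url_encode(ciphertext))
    return len(b64url_encode(json.dumps(obj, separators=(",", ":"),
                                        sort_keys=True).encode("utf-8")))


# Constructed demo inputs: a fake 1 KiB "ciphertext" and a fixed key.
DEMO_CIPHERTEXT = bytes(range(256)) * 4
DEMO_KEYS = {"k1": b"\x11" * 32}
DEMO_ENVELOPE = {"key_id": "k1", "signer": "issuer.example",
                 "algorithm": "HMAC-SHA256"}


def demo() -> dict:
    token = make_token(DEMO_CIPHERTEXT, DEMO_ENVELOPE, DEMO_KEYS["k1"])
    payload, env = verify_token(token, DEMO_KEYS)
    return {
        "roundtrip_ok": payload == DEMO_CIPHERTEXT and env == DEMO_ENVELOPE,
        "separated": separated_size(DEMO_CIPHERTEXT, DEMO_ENVELOPE),
        "nested": nested_json_size(DEMO_CIPHERTEXT, DEMO_ENVELOPE),
    }


if __name__ == "__main__":
    print(demo())
```

Verification reads the envelope before the payload on purpose: the key id and algorithm are what a generic verifier needs, and the encrypted payload never has to be parsed to decide whether the signature is worth checking. The size comparison is the concrete form of the double-base64 overhead in point 2 of the message above.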

Re: [OAUTH-WG] OAuth 2 for Native Apps

2010-06-21 Thread Marius Scurtescu
Here is the wiki page: http://wiki.oauth.net/OAuth-2-for-Native-Apps Feel free to edit or comment. Marius On Wed, Jun 9, 2010 at 10:59 AM, David Recordon record...@gmail.com wrote: Want to put this on the wiki http://wiki.oauth.net/? On Mon, Jun 7, 2010 at 12:25 PM, Marius Scurtescu

Re: [OAUTH-WG] proposal for signatures

2010-06-21 Thread Dirk Balfanz
On Mon, Jun 21, 2010 at 4:18 AM, Ben Laurie b...@google.com wrote: On 21 June 2010 08:04, Dirk Balfanz balf...@google.com wrote: Hi guys, I think I owe the list a proposal for signatures. I wrote something down that liberally borrows ideas from Magic Signatures, SWT, and (even the name

Re: [OAUTH-WG] proposal for signatures

2010-06-21 Thread Dirk Balfanz
On Mon, Jun 21, 2010 at 6:22 AM, Nat Sakimura sakim...@gmail.com wrote: Hi Dirk, In addition to Ben's questions, I have another. For X.509, you seem to be using DER. How do you express the entire certificate chain using DER? (With PEM, you can just concatenate ... ) Good question:

Re: [OAUTH-WG] proposal for signatures

2010-06-21 Thread Manger, James H
Nat and Ben, In addition to Ben's questions, I have another. For X.509, you seem to be using DER. How do you express the entire certificate chain using DER? (With PEM, you can just concatenate ... ) With DER you can concatenate, too, of course. There's also PKCS#n (for some value

[OAUTH-WG] Last call for feedback on -08

2010-06-21 Thread Eran Hammer-Lahav
I am working on -09 which I hope will be the last major revision of the specification. If you were planning on submitting any feedback on draft -08 or the simplification proposal from David and me, please do so by tomorrow to be included in the next draft. EHL

[OAUTH-WG] OAuth discovery draft?

2010-06-21 Thread Manger, James H
Eran, There have been a few mentions recently of an OAuth discovery draft. Is there any such draft yet, or is this just a part that we know needs to be done? The email on OAuth meeting notes on -05 (with updates) said: 6.1.1. - describing the WWW-Authenticate response header - Discovery

Re: [OAUTH-WG] OAuth discovery draft?

2010-06-21 Thread Eran Hammer-Lahav
Yes, it's on my desk and not yet ready, but I am working on one. It includes your sites proposal among other things. I am trying to get the core spec stable this week and focus on that next. EHL -Original Message- From: Manger, James H [mailto:james.h.man...@team.telstra.com] Sent: