How about ‘add’? as in “Used to include additional data in the MAC normalized
string”.
EHL
From: William J. Mills [mailto:wmi...@yahoo-inc.com]
Sent: Thursday, August 04, 2011 6:06 PM
To: Eran Hammer-Lahav; Phil Hunt
Cc: OAuth WG
Subject: Re: [OAUTH-WG] MAC Tokens body hash
It's the proverbial
. Mills wmi...@yahoo-inc.com; Phil Hunt phil.h...@oracle.com
Cc: OAuth WG oauth@ietf.org
Sent: Sunday, August 14, 2011 11:28 PM
Subject: RE: [OAUTH-WG] MAC Tokens body hash
How about ‘add’? as in “Used to include additional data in the MAC normalized
string”.
EHL
From:William J. Mills
-Lahav; Phil Hunt
Cc: OAuth WG
Subject: Re: [OAUTH-WG] MAC Tokens body hash
add doesn't really say it to me either. ah, short for additional hash
is somewhat more mnemonic for me, but then I think ext isn't horrible
because it's a frequent abbreviation for extension.
-bill
Subject: Re: [OAUTH-WG] MAC Tokens body hash
Ok. We seem to be using different definitions of what application data mean,
but have the same use cases in mind. I'll come up with a different name or just
keep ext.
EHL
On Aug 3, 2011, at 12:42, Phil Hunt phil.h...@oracle.com wrote:
Only allowing
, August 2, 2011 7:14 PM
Subject: Re: [OAUTH-WG] MAC Tokens body hash
Phil
On 2011-08-02, at 18:02, Eran Hammer-Lahav e...@hueniverse.com wrote:
The idea is to drop 'ext' and 'bodyhash' due to being underspecified and
therefore causing more harm than good. I added 'ext' to allow for application
03, 2011 10:28 AM
To: Phillip Hunt; Eran Hammer-Lahav
Cc: Ben Adida; OAuth WG; Adam Barth(a...@adambarth.com)
Subject: Re: [OAUTH-WG] MAC Tokens body hash
In thinking about this I'm coming around to the viewpoint that a single
additional predefined spot is sufficient. If the app developer
Hunt [mailto:phil.h...@oracle.com]
Sent: Monday, August 01, 2011 10:51 PM
To: William J. Mills
Cc: Eran Hammer-Lahav; OAuth WG
Subject: Re: [OAUTH-WG] MAC Tokens body hash
Agree.
-1 on removing the ext parameter.
Phil
@independentid
www.independentid.comhttp://www.independentid.com
phil.h
parameter.
EHL
From: Phil Hunt [mailto:phil.h...@oracle.com]
Sent: Monday, August 01, 2011 10:51 PM
To: William J. Mills
Cc: Eran Hammer-Lahav; OAuth WG
Subject: Re: [OAUTH-WG] MAC Tokens body hash
Agree.
-1 on removing the ext parameter.
Phil
@independentid
scheme.
EHL
From: Phil Hunt [mailto:phil.h...@oracle.com]
Sent: Tuesday, August 02, 2011 8:31 AM
To: Eran Hammer-Lahav
Cc: William J. Mills; OAuth WG
Subject: Re: [OAUTH-WG] MAC Tokens body hash
Not sure I understand. How does 'app' change the issue about internal format
and register
hurrah!
(not necessarily for losing a way to sign the body, but for simplicity and
avoiding some of the potential inconsistencies w/ bodyhash).
Is your plan to reserve an empty line 6 for the Normalized Request String
(which was used for bodyhash) or eliminate it, brining the total to six
On Tue, Aug 2, 2011 at 2:22 AM, Eran Hammer-Lahav e...@hueniverse.com wrote:
I am going to drop both ‘bodyhash’ and ‘ext’, and instead add ‘app’. ‘app’
allows you to include any data you want. ‘ext’ without an internal format
and register is just asking for trouble, and I have no intention of
Cc: OAuth WG; Ben Adida; 'Adam Barth (a...@adambarth.com)'
Subject: Re: [OAUTH-WG] MAC Tokens body hash
hurrah!
(not necessarily for losing a way to sign the body, but for simplicity and
avoiding some of the potential inconsistencies w/ bodyhash).
Is your plan to reserve an empty line 6
.
Will these changes work with your use cases?
EHL
-Original Message-
From: Skylar Woodward [mailto:sky...@kiva.org]
Sent: Tuesday, August 02, 2011 4:02 PM
To: Eran Hammer-Lahav
Cc: OAuth WG; Ben Adida; 'Adam Barth (a...@adambarth.com)'
Subject: Re: [OAUTH-WG] MAC Tokens body hash
hurrah
b...@adida.net; 'Adam Barth (a...@adambarth.com)'
a...@adambarth.com
Sent: Friday, July 29, 2011 6:43 PM
Subject: [OAUTH-WG] MAC Tokens body hash
I plan to drop support for the bodyhash parameter in the next draft based on
bad implementation experience. Even with simple text body, UTF encoding
, August 01, 2011 8:41 AM
To: Eran Hammer-Lahav; OAuth WG
Cc: Ben Adida; 'Adam Barth (a...@adambarth.com)'
Subject: Re: [OAUTH-WG] MAC Tokens body hash
Instead of body hash why not make it a payload hash or additional hash. The
app can include a hash of data there as defined by the app, and you've
...@hueniverse.com
To: William J. Mills wmi...@yahoo-inc.com; OAuth WG oauth@ietf.org
Cc: Ben Adida b...@adida.net; 'Adam Barth (a...@adambarth.com)'
a...@adambarth.com
Sent: Monday, August 1, 2011 8:59 AM
Subject: RE: [OAUTH-WG] MAC Tokens body hash
Would you still like to see both such app-specific payload
: Monday, August 1, 2011 8:59 AM
Subject: RE: [OAUTH-WG] MAC Tokens body hash
Would you still like to see both such app-specific payload hash AND the ext
parameter? I’m thinking of taking your idea and dropping ext. This way, the
application can define anything they want to put
I plan to drop support for the bodyhash parameter in the next draft based on
bad implementation experience. Even with simple text body, UTF encoding has
introduced significant issues for us. The current draft does not work using
simple JS code between a browser and node.js even when both use
18 matches
Mail list logo