We are doing all we can to get it done before basic auth removal. I suspect if the spec is not finalized soon, we will just move forward with a draft spec.


On Apr 11, 2010, at 12:06 PM, Cameron Kaiser <[email protected]> wrote:

Just to follow up on this, we're working on an OAuth 2.0
implementation (of which we are contributors/authors to the spec).
That does have a profile which makes it possible to write JavaScript
OAuth clients without compromising the keys. I can't give a date yet,
however, as the spec is not even finalized yet. If people are
interested, I can circulate a URL to the draft.

However, if that does not occur prior to the Basic Auth drop-dead date, then there will have to be some measure of 'key compromise' in open source clients. Currently I have no choice but to minimally obfuscate my secret in TTYtter, while documenting I know full well it will be trivially easy to recover (or have the user create their own xAuth-enabled key/secret pair, which I'm sure many users will balk at).

--
------------------------------------ personal: http://www.cameronkaiser.com/ --
 Cameron Kaiser * Floodgap Systems * www.floodgap.com * [email protected]
-- I use my C128 because I am an ornery, stubborn, retro grouch. -- Bob Masse -

