Hi Tim,

On 14/03/11 17:26, Tim Brody wrote:
> Hi All,
>
> I'm pondering whether on-behalf-of is necessary when we could be using
> OAuth (or similar approach)?
>
> e.g.
> OAuth authorize ("ON-BEHALF-OF")
> -> token
> SWORD: Authorization: OAuth {token}
>
> That means we can cut a chunk out of the SWORD spec and just say "use
> OAuth" if you want mediated deposits.

The 1.3 spec mentions OAuth as a possible approach to secured mediated deposit (Section 2), but that's as far as it went. Before proposing this project we looked at the scale of the challenge of properly specifying/profiling/adopting an AuthNZ process for SWORD and figured the challenge to be too large alongside all the other stuff (it's pretty much a project in its own right). So, as it stands, SWORD 2.0 will say the same thing as 1.3.

I'm quite interested in OAuth (or similar) for security and mediated deposit, but the implementation overhead is fairly significant. Dropping On-Behalf-Of and saying "use OAuth" is approximately equivalent to saying "we no longer support mediated deposit", I fear.

I'd be interested to see examples of where people have used an authNZ framework over the top of SWORD, to get an idea of how they work together. Have you done this at Southampton?

Cheers,

Richard

_______________________________________________
Sword-app-techadvisorypanel mailing list
Sword-app-techadvisorypanel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sword-app-techadvisorypanel