Hi Tim,

On 14/03/11 17:26, Tim Brody wrote:
> Hi All,
>
> I'm pondering whether on-behalf-of is necessary when we could be using
> OAuth (or similar approach)?
>
> e.g.
> OAuth authorize ("ON-BEHALF-OF")
>   ->  token
> SWORD: Authorization: OAuth {token}
>
> That means we can cut a chunk out of the SWORD spec and just say "use
> OAuth" if you want mediated deposits.

The 1.3 spec mentions OAuth as a possible approach to secured mediated 
deposit (Section 2), but that's as far as it went.  Before proposing 
this project we looked at the scale of the challenge of properly 
specifying/profiling/adopting an AuthNZ process for SWORD and figured 
the challenge to be too large alongside all the other stuff (it's pretty 
much a project in its own right).  So, as it stands, SWORD 2.0 will say 
the same thing as 1.3.

I'm quite interested in OAuth (or similar) for security and mediated 
deposit, but the implementation overhead is fairly significant. 
Dropping On-Behalf-Of and saying "use OAuth" is approximately equivalent 
to saying "we no longer support mediated deposit", I fear.

I'd be interested to see examples of where people have used an authNZ 
framework over the top of SWORD, to get an idea of how they work 
together.  Have you done this at Southampton?

Cheers,

Richard



_______________________________________________
Sword-app-techadvisorypanel mailing list
Sword-app-techadvisorypanel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sword-app-techadvisorypanel
