On Thu, Aug 12, 2010 at 12:18 AM, John Hjelmstad <[email protected]> wrote:
> Generally sounds fine to me. A few thoughts: > > 1. Is it expected that WRAP will simply be a subset of OAuth2 or will we > require a separate OAuth2 code path? > I think that WRAP is a subset of OAuth2, plus some parameter changes. The basic web server flow has seen no fundamental changes. > 2. The messaging I've generally heard is that OAuth2 will pretty much > completely replace WRAP. In practice I doubt that will be the case in full, > which could mean we're stuck supporting barely-used code. Thoughts on this? > Could happen. 3. Can you give a sense (anecdotal is fine) of how widely used WRAP is these > days, ie. the value of supporting it for the code base? > Live at Microsoft, and at Google. Google is not widely documenting our WRAP support. We needed it for a few particular use cases, and it is being quietly used there. > 4. How much new code do you expect in OAuthRequest, roughly? It seems that > class is already getting quite large... I think this is the big question. The other question is if/when OpenSocial will adopt the OAuth2 crypto proposals. They've been dropped from the core spec due to lack of consensus, but I think we did arrive at something that OpenSocial will want some day. Cheers, Brian
