I am +1 for going with OAuth 2.0 instead of WRAP. Looks like the OAuth WRAP is deprecated in favor of OAuth 2.0: http://wiki.oauth.net/OAuth-WRAP so might as well spend good quality time adding support for OAuth 2.0.
- Henry On Mon, Aug 16, 2010 at 7:40 AM, Mark D Weitzel <[email protected]> wrote: > I'd like to see OpenSocial adopt OAuth 2.0 rather than WRAP. I'd go > further and say that a good target for this to happen is OpenSocial 1.1 > next, which is tentatively scheduled for June/July 2011. This allows us to > start building out the implementation now, in shindig extras, and allow > that to be the prototype required by the OS dev. process. This also allows > the spec and the implementation to rely on an official standard. > > -Mark W. > > > > From: > Brian Eaton <[email protected]> > To: > [email protected] > Date: > 08/13/2010 05:35 PM > Subject: > Re: OAuth WRAP client support in Shindig? > > > > On Thu, Aug 12, 2010 at 12:18 AM, John Hjelmstad <[email protected]> wrote: > > > Generally sounds fine to me. A few thoughts: > > > > 1. Is it expected that WRAP will simply be a subset of OAuth2 or will we > > require a separate OAuth2 code path? > > > > I think that WRAP is a subset of OAuth2, plus some parameter changes. The > basic web server flow has seen no fundamental changes. > > > > 2. The messaging I've generally heard is that OAuth2 will pretty much > > completely replace WRAP. In practice I doubt that will be the case in > full, > > which could mean we're stuck supporting barely-used code. Thoughts on > this? > > > > Could happen. > > 3. Can you give a sense (anecdotal is fine) of how widely used WRAP is > these > > days, ie. the value of supporting it for the code base? > > > > Live at Microsoft, and at Google. Google is not widely documenting our > WRAP > support. We needed it for a few particular use cases, and it is being > quietly used there. > > > > 4. How much new code do you expect in OAuthRequest, roughly? It seems > that > > class is already getting quite large... > > > I think this is the big question. > > The other question is if/when OpenSocial will adopt the OAuth2 crypto > proposals. They've been dropped from the core spec due to lack of > consensus, but I think we did arrive at something that OpenSocial will > want > some day. > > Cheers, > Brian > > >
