Matt, This is great!
Just as an FYI, Paul has made it much easier to contribute your work as part of the extras directory in the shindig svn. We've started implementing the ActivityStreams work this way. Because things like Activity Streams are moving fast and are not baked in the wild, we were looking for a way to get at least some code out quickly that demonstrates an implementation without affecting the core shindig. A sort of "open prototyping" if you will. While we started with ActivityStreams, I'm pushing all the teams inside of IBM to adopt this approach whenever possible. If all goes well, we'll have some CMIS prototype code ready in a bit as well. Hopefully, the OAuth stuff can work the same way as activity streams--introduce your support in extras and then plug it in via guice. I say "hopefully" b/c OAuth 2.0 introduces a bunch of new stuff that's likely to touch the core. Whenever you're ready, we could work with Paul to carve out a spot in extras. -Mark W. From: Matt Tucker <[email protected]> To: "[email protected]" <[email protected]> Date: 08/19/2010 01:30 PM Subject: Re: OAuth WRAP client support in Shindig? Mark, +1 on this -- oAuth 2.0 support is still pretty new out in the wild but the momentum is clearly there. We're starting to experiment with oAuth 2.0 support at Jive and will find a way to contribute some experimental patches as we make progress. Thanks, Matt On Aug 16, 2010, at 7:40 AM, Mark D Weitzel wrote: > I'd like to see OpenSocial adopt OAuth 2.0 rather than WRAP. I'd go > further and say that a good target for this to happen is OpenSocial 1.1 > next, which is tentatively scheduled for June/July 2011. This allows us to > start building out the implementation now, in shindig extras, and allow > that to be the prototype required by the OS dev. process. This also allows > the spec and the implementation to rely on an official standard. > > -Mark W. > > > > From: > Brian Eaton <[email protected]> > To: > [email protected] > Date: > 08/13/2010 05:35 PM > Subject: > Re: OAuth WRAP client support in Shindig? > > > > On Thu, Aug 12, 2010 at 12:18 AM, John Hjelmstad <[email protected]> wrote: > >> Generally sounds fine to me. A few thoughts: >> >> 1. Is it expected that WRAP will simply be a subset of OAuth2 or will we >> require a separate OAuth2 code path? >> > > I think that WRAP is a subset of OAuth2, plus some parameter changes. The > basic web server flow has seen no fundamental changes. > > >> 2. The messaging I've generally heard is that OAuth2 will pretty much >> completely replace WRAP. In practice I doubt that will be the case in > full, >> which could mean we're stuck supporting barely-used code. Thoughts on > this? >> > > Could happen. > > 3. Can you give a sense (anecdotal is fine) of how widely used WRAP is > these >> days, ie. the value of supporting it for the code base? >> > > Live at Microsoft, and at Google. Google is not widely documenting our > WRAP > support. We needed it for a few particular use cases, and it is being > quietly used there. > > >> 4. How much new code do you expect in OAuthRequest, roughly? It seems > that >> class is already getting quite large... > > > I think this is the big question. > > The other question is if/when OpenSocial will adopt the OAuth2 crypto > proposals. They've been dropped from the core spec due to lack of > consensus, but I think we did arrive at something that OpenSocial will > want > some day. > > Cheers, > Brian > >
