I see the following line in the ITEF charter: * A mechanism for signing HTTP requests with the token-secret pair
Is the 'core' OAuth specification going to be limited only to HTTP, or is there opportunity and reason to make it a general method of signing method, resource and parameters of a programmatic request for the purpose of consumer authorization and user credential delegation? It seems like other protocols could use the same signing and delegation methodology (probably with some hybrid using HTTP), but may not be 'traditional' HTTP (eg, XMPP http://xmpp.org/extensions/xep-0235.html) during requests. Or, would the 'extensions' go the other way, defining how other protocols might use the same methods, or in a generic sense? I guess I wonder if defining only HTTP and not calling out generic usage could make using OAuth in other areas somewhat more difficult from a standards perspective. (I wasn't sure which list to ask this on - it seems somewhat more to do with Core than the current discussions on the ITEF list) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
