Hi,
IMHO, you should raise this in the IETF list as it pertains to the
charter. I think this is an important topic.
Cheers
<k/>
|-----Original Message-----
|From: [email protected] [mailto:[email protected]] On Behalf
|Of Onyx Raven
|Sent: Monday, February 02, 2009 11:16 AM
|To: [email protected]
|Subject: [oauth] OAuth only for HTTP request signing?
|
|
|I see the following line in the ITEF charter:
|
| * A mechanism for signing HTTP requests with the token-secret pair
|
|Is the 'core' OAuth specification going to be limited only to HTTP, or
|is there opportunity and reason to make it a general method of signing
|method, resource and parameters of a programmatic request for the
|purpose of consumer authorization and user credential delegation? It
|seems like other protocols could use the same signing and delegation
|methodology (probably with some hybrid using HTTP), but may not be
|'traditional' HTTP (eg, XMPP http://xmpp.org/extensions/xep-0235.html)
|during requests. Or, would the 'extensions' go the other way, defining
|how other protocols might use the same methods, or in a generic sense?
|
|I guess I wonder if defining only HTTP and not calling out generic
|usage could make using OAuth in other areas somewhat more difficult
|from a standards perspective.
|
|(I wasn't sure which list to ask this on - it seems somewhat more to
|do with Core than the current discussions on the ITEF list)
|
|
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
