On 2/3/09 5:11 PM, "Perryn Fowler" <[email protected]> wrote:
> I'm probably being dense or ignorant or both here, but why is it an issue > from the OAuth prespective whether the payload is XML or something else? > Could you not just consider it as a byte-stream, or text in a known encoding? As long as you have access to the raw HTTP body, you can sign it regardless of what it represents. Multi-part bodies are tricky because you need to take into account the separator used, and the implication of manipulating the separator header. Because the same XML content can take many byte-stream forms, if you don't have access to the raw byte-stream, you need to handle canonicalization of the XML document (and it can get pretty complex with stuff like XMLDSIG). EHL --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
