Yes, we're pushing this to be an optional, backwards-compatible, part of the OAuth specification. I've gotten good feedback from the OAuth community so far.
The backwards compatible piece is pretty important; the idea is that clients can opt-in to body signing without breaking existing compatibility with existing service providers. On Tue, Mar 17, 2009 at 10:20 PM, Charlie Jiang <[email protected]> wrote: > > Hi Brian, > > Sorry to be very late to comment on this. Are we suggesting to push this > to be part of OAuth spec? If so, have we talked to them? > > -Charlie > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Brian > Eaton > Sent: Thursday, March 12, 2009 9:29 AM > To: [email protected]; [email protected]; > [email protected] > Subject: [opensocial-and-gadgets-spec] last call for comments on body > signing > > > Hi folks - > > I've neglected the body signing specification for a few months and I'd > like to wrap it up. A fresh draft is here: > > http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/3/spec.htm > l > > Changes: > - language cleaned up to be more precise > - more detailed example > > Things that have not changed: > - no, I'm not going to do anything about HTTP header integrity. Write > another spec if you want that. > > I'm aiming to have a couple of reference implementations and a final > spec by next Friday, March 20th. > > Cheers, > Brian > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
