Progress update: There is a new draft out, with clarifications based on feedback and implementation experience:
http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html There are pending shindig code reviews for the implementation: http://codereview.appspot.com/27054/show http://codereview.appspot.com/28042/show http://codereview.appspot.com/28075/show Cheers, Brian On Wed, Mar 18, 2009 at 9:26 AM, Brian Eaton <[email protected]> wrote: > Yes, we're pushing this to be an optional, backwards-compatible, part > of the OAuth specification. I've gotten good feedback from the OAuth > community so far. > > The backwards compatible piece is pretty important; the idea is that > clients can opt-in to body signing without breaking existing > compatibility with existing service providers. > > On Tue, Mar 17, 2009 at 10:20 PM, Charlie Jiang <[email protected]> wrote: >> >> Hi Brian, >> >> Sorry to be very late to comment on this. Are we suggesting to push this >> to be part of OAuth spec? If so, have we talked to them? >> >> -Charlie >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Brian >> Eaton >> Sent: Thursday, March 12, 2009 9:29 AM >> To: [email protected]; [email protected]; >> [email protected] >> Subject: [opensocial-and-gadgets-spec] last call for comments on body >> signing >> >> >> Hi folks - >> >> I've neglected the body signing specification for a few months and I'd >> like to wrap it up. A fresh draft is here: >> >> http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/3/spec.htm >> l >> >> Changes: >> - language cleaned up to be more precise >> - more detailed example >> >> Things that have not changed: >> - no, I'm not going to do anything about HTTP header integrity. Write >> another spec if you want that. >> >> I'm aiming to have a couple of reference implementations and a final >> spec by next Friday, March 20th. >> >> Cheers, >> Brian >> >> >> >> >> >> > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
