On Apr 15, 10:54 pm, Mike Malone <[email protected]> wrote: > Depending on your use case that may work, but in practice I think loosening > up the constraint requiring timestamps to be monotonically increasing makes > sense. Sometimes it is convenient to generate URIs for later use, and other > requests may be executed between the time such URIs are created and the time > a request is made to the URI. > > Also, if you have a consumer key that is used across many devices (e.g., a > desktop or mobile app, or a web app with multiple servers) there could be > any number of reasons why request A may arrive after request B despite being > signed earlier (e.g., clock drift or shoddy internet connectivity). > > So I'd say that strictly enforcing the timestamp constraint will probably be > a problem... and since the nonce optimization you described relies on > enforcement of the timestamp constraint I think it may not work in practice. > > Mike >
Outch..totally forgot about the desktop/mobile clients where a lot of requests could come in with the same consumer key..thanks so much! -cheers, Manish --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
