hi, On Wed, Apr 29, 2009 at 11:56 AM, Simone Tripodi <[email protected]> wrote: > I'd like to know more about signature methods extension mentione on > the wiki page: > > http://wiki.oauth.net/SignatureMethods
section 9 in the spec. defines the requirement for signatures but does not mandate a specific signature method it rather describes an algorithm to define the text to be signed (the "signature base string") and "defines three signature methods: HMAC-SHA1, RSA-SHA1, and PLAINTEXT, but Service Providers are free to implement and document their own methods." i.e. Some service provider implementer could choose to build his own signature method (e.g. using different crypto) as long as it properly documents it but I honestly can't remember any SP that has done so... anyhow it seems that the wiki page was calling for documenting in a standard way the specific signature methods developed by the various SPs (i noticed that the wiki page pre-dates the "OAuth Core 1.0" spec which was published on Dec 4th 2007). ciao, Luca --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
