Proposed Google searches: jar+version+nightmare
dll+version+nightmare <development framework of choice>+version+nightmare On Thu, Apr 30, 2009 at 7:17 PM, Josh Roesslein <[email protected]> wrote: > How will calling this 1.1 slow down the upgrade process? All libraries need > to change to cover the new spec, so it doesn't matter what we call it. > SP's can still support older clients by running 1.0 and 1.1 specs. This > allows for older clients to perform upgrades to 1.1 before cutting them off. > SP checks the oauth_version string in the request token request and then > uses the correct library version to complete the flow. > > On Thu, Apr 30, 2009 at 8:55 PM, Breno de Medeiros <[email protected]> wrote: >> >> Since there is no discovery supported in OAuth, even if the version is >> incremented, there is no way to know if an SP or consumer has upgraded >> without actually running the flow. >> >> If you increment the version number, you will have to make a lot more >> code changes in each library to configure behavior, and will slow down >> adoption of the fix and complicate a transitional period where folks >> might want to support the older flow with some mitigation >> features/stronger warnings until it is safe to break compatibility. >> >> If we want better security, we go with the option that moves us >> forward fastest. The easiest way to abandon 1.0 flow is to get >> everybody upgraded to 1.0A. And developers are complaining that >> incrementing the version number will slow things down. >> >> On Thu, Apr 30, 2009 at 6:26 PM, David Parry <[email protected]> wrote: >> > seriously, I don't understand the reluctance to increment >> > oauth_version. The new implementation is going to require work from >> > both SPs and consumers, and neither is really going to know if other >> > has upgraded without actually running the flow. At least, by >> > incrementing the version, both the SP and the Consumer definitively >> > know the required flow. >> > >> >> >> >> -- >> --Breno >> >> +1 (650) 214-1007 desk >> +1 (408) 212-0135 (Grand Central) >> MTV-41-3 : 383-A >> PST (GMT-8) / PDT(GMT-7) >> >> > > > > > -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
