You are right about the RI and I also thought like you but now I think that SP cannot be packaged into a concrete, production ready RI, reason being that the Service provider depends upon many parameters like scalability, security, architecture, clustered/distributed environment etc. ande these things depend upon your own scenario. I strongly think that SP implementation on Yahoo, Google, AOL must be very different (I even wrote a post about the contrary earlier on http://monisiqbal.blogspot.com/2009/06/google-playing-godfather.html). Of course they all follow the specs but there are additional things to take care off that the spec deliberately opts out. On the other hand Consumers aren't that varying in nature and hence the examples or RI is closer to the actual working code.
Thanks, Monis On Jul 4, 11:55 pm, "Dr. Jawa" <[email protected]> wrote: > Thanks Monis for your information! > > I checked Signpost and found following things: > > 1. There is no example if you want to act as a service provider. At > least all of examples are only for the consumers... > > 2. I checked out the "trunk" of their SVN and tried to build with > Maven. Just like here the first build failed. With some litte efforts > I could compile the code successfully. It seems that the author forget > to change one dependency... or forget to commit the change. > > 3. No discussion forum, and the project has only one developer. > > So from my point of view with my short experience it doesn't look that > good... > > After working with OpenID and its Open Source Java implementation > openid4java and now OAuth with this Java implementation actually I > wonder why it is so hard if you want to start working with them. > Something like "read docs, download, build examples, run examples, try > to understand what the examples are doing, using it in your own > project" won't work in both projects, IMHO. > > But I think this is a general problem if you only have specification > and no reference implementation (RI) and technology compatibility kit > (TCK). A specification like OpenID or OAuth give us a lot of different > interpretations. Without a real RI and its TCK, it will be very > difficult for a beginner like me to directly jump into the topic. > > Thanks, > Lofi.http://lofidewanto.blogspot.com > > On 4 Jul., 14:22, Monis <[email protected]> wrote: > > > John Kristian would be the right person to answer your queries, > > however I can share my experiences with the library. > > I compared both SignPost and the official library for Java, both look > > good, however the only concern is the recent changes due to OAuth 1.0a > > and major refactorings. We are using the official one for our SP and > > SignPost for our consumers. > > > Official library claims to support OAuth 1.0a but several things are > > missing e.g. Callback URL changes, OAuth verifier etc. On the other > > hand SignPost is handling all this. > > For the SP, we manually built our project with source (not binaries > > and also without Maven), the core packages are good enough. We took > > the usage examples and modified them to support OAuth 1.0a, 3 and 2 > > legged flow. > > > To answer you concisely: > > - stability - You definitely need changes to support the full > > functionality > > - both provide the functionality for both 2, 3-legged OAuths but you > > will have to wire things for yourself (i.e. the flow). > > - yes, Signpost is simpler in that sense. > > > Thanks, > > Monis Iqbal > > > On Jul 4, 4:36 am, "Dr. Jawa" <[email protected]> wrote: > > > > Hi All > > > > I would like to know the status of the OAuth Java library... > > > - Is it already stable? > > > - Does it support 3- and 2-legged spec/draft? > > > - Can I download a binary version (no need to checkout from SVN and > > > compiling it by myself)? > > > > Thanks, > > > Lofi. > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
