It is only a bug in the sense that the 'POST' limitation was put in there at some point without an actual explicit consensus. What this means is that as the spec editor I do not have an recollection that we put it there for a reason, and it is obviously creating problems. It was not the authors' intentions to exclude PUT, DELETE, HEAD, etc.
But since there was never a consensus call here to fix it, the official specification is still restricted. It will take at least 4 months for the IETF specification to reach a stable place. If you want to help speed things along please do join the [email protected] list. We need more activity there, and raising such issues is exactly what we need. If there is appetite here, we can do a quick errata for Core 1.0a. Should be pretty easy to do. I already listed all the known bugs in the history of the IETF documents. EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Hannes Tydén > Sent: Thursday, September 17, 2009 3:24 AM > To: OAuth > Subject: [oauth] Re: Signing PUT request > > > On Sep 17, 9:55 am, Eran Hammer-Lahav <[email protected]> wrote: > > OAuth Core 1.0 (or a) does *not* include PUT body parameters in the > signature base string. That is a bug which I already fixed a while back > in the very first I-D: > > Re-reading you post made me realize that this _is_ a bug is in the 1.0 > spec. What is the outlook to when the spec submitted to the IETF to be > an official spec? > > Thanks, > Hannes > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
