2010/1/14 Eran Hammer-Lahav <[email protected]>: > QUESTION: Do you prefer: > > A. Directly processing the HTTP request into a base string for signing > (draft-hammer-oauth style). > B. Treating the request as an API call with form-encoded parameters (OAuth > 1.0 style). > C. Converting the request into a normalized message and signing that (Eaton > style).
For protocol independence of presenting a token + signed message, (C). I wonder if John Panzer's recent proposal for Salmon [1] could be adapted to use (C) elegantly? I think Salmon/PSHB is an interesting use-case for delegated authorization and subsequent authentication, and as such might be a good place to think about approaches like Brian's. b. [1] http://www.abstractioneer.org/2010/01/magic-signatures-for-salmon.html _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
