2010/1/14 Eran Hammer-Lahav <[email protected]>:
> QUESTION: Do you prefer:
>
> A. Directly processing the HTTP request into a base string for signing
> (draft-hammer-oauth style).
> B. Treating the request as an API call with form-encoded parameters (OAuth
> 1.0 style).
> C. Converting the request into a normalized message and signing that (Eaton
> style).

For protocol independence of presenting a token + signed message, (C).
I wonder if John Panzer's recent proposal for Salmon [1] could be
adapted to use (C) elegantly? I think Salmon/PSHB is an interesting
use-case for delegated authorization and subsequent authentication,
and as such might be a good place to think about approaches like
Brian's.

b.

[1] http://www.abstractioneer.org/2010/01/magic-signatures-for-salmon.html
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to