On Tue, 2010-02-09 at 09:15 -0700, Eran Hammer-Lahav wrote: > http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-00.html > > This is relevant to our discussion about how to apply signatures to HTTP > requests.
Just to get the ball rolling then, if OAuth were to adopt magic signatures for its requests, then I think the ramifications would be: 1. Payload would need to be embedded in the data element of the signature, so we'd be duplicating payload to support digital signatures. 2. Some standardization of signer identifier (in the decoded data element) would need to be selected. 3. Presumably we would not be using LRDD/XRD to discover the public key of the signer, but rather use the key that server issues to client? Paul > > EHL > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
