P.S. for #3, I meant it to be for the symmetric-key cases.

On Tue, 2010-02-09 at 08:36 -0800, Paul C. Bryan wrote:
> On Tue, 2010-02-09 at 09:15 -0700, Eran Hammer-Lahav wrote:
> > http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-00.html
> >
> > This is relevant to our discussion about how to apply signatures to HTTP
> > requests.
>
> Just to get the ball rolling then, if OAuth were to adopt magic
> signatures for its requests, then I think the ramifications would be:
>
> 1. Payload would need to be embedded in the data element of the
> signature, so we'd be duplicating payload to support digital signatures.
>
> 2. Some standardization of signer identifier (in the decoded data
> element) would need to be selected.
>
> 3. Presumably we would not be using LRDD/XRD to discover the public key
> of the signer, but rather use the key that server issues to client?
>
> Paul
>
> > EHL
> > _______________________________________________
> > OAuth mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/oauth
