How about using draft-hardt-oauth-wrap and adding a section for how the Client can sign?
-- Dick On 2010-02-04, at 11:28 PM, Eran Hammer-Lahav wrote: > On the call today I clarified what is going on with all the different drafts. > In brief: > > draft-hammer-oauth - documentation of the OAuth 1.0 Rev A (with changes) > protocol. This is done and should be approved by the IESG shortly for > publication. > > draft-ietf-oauth-authentication - the part of OAuth 1.0 dealing with 'how to > use a token after you obtain it'. > draft-ietf-oauth-web-delegation - the part of OAuth 1.0 rev A dealing with > 'getting a token'. > > draft-hammer-http-token-auth - an alternative proposal (meant to replace > draft-ietf-oauth-authentication) which builds on top of OAuth 1.0 but cleans > up the structure and removes the client credentials when accessing protected > resources. It also changes how the request is normalized into a string before > signing. > > We have three options for moving forward with 'how to use a token'. Start > with: > > 1. draft-ietf-oauth-authentication > 2. draft-hammer-http-token-auth > 3. something else* > > * Do not suggest something else unless you are going to submit a proposal. It > doesn't have to be an I-D, I am happy to do the editorial work but I will > need a detailed proposal that is enough to turn into a specification. > > Pick. > > EHL > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
