I noticed that a new HTTP authentication scheme has been defined: GOOG1. http://code.google.com/apis/storage/docs/developer-guide.html#authentication
Is this a candidate for the signature spec? It should be the sort of scheme that OAuth core can provide credentials for (access key & secret) without the scheme needing to know about OAuth. [It is an HMAC-SHA1; carried in the Authorization header; calculated over the method (eg GET), date, content-type, URI path (but not host or scheme), MD5-hash of request body (optional), and some proprietary headers (eg access-control details). It looks very similar to the Amazon S3 scheme.] -- James Manger
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
