(Please discuss this draft on the Apps-Discuss <[email protected]> mailing list)
http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token

While this document has moved to the Apps-Discuss mailing list for the time being, I wanted to give a quick update to those who have been following this draft which originated on this list. The major changes since -02 are:

* Removed OAuth terminology and association. The draft is now a general purpose HTTP authentication scheme. It does include an OAuth 2.0 binding which is described in less than a page. One suggestion would be to move section 5.1 into the OAuth specification and drop all the OAuth 2.0 text from the MAC draft.
* Added 'Set-Cookie' extension for using MAC with session cookies.
* Removed request URI query normalization. The new draft uses the raw request URI unchanged.
* Replaced timestamps with credentials age to remove the need for clock sync.
* Added a placeholder for extension, allowing random text to be included in the request and MAC.
* Added issuer attribute for identifying the source of the credentials as an additional protection.

Draft -04 is not compatible with previous drafts.

EHL
