It sounds like it's specifying *almost* the same thing, but in a different way. Why is there friction? Is it fashion, NIH or something more substantial?
Cheers, On 20/11/2011, at 4:08 AM, Eran Hammer-Lahav wrote: > > >> -----Original Message----- >> From: Mark Nottingham [mailto:[email protected]] >> Sent: Tuesday, May 31, 2011 4:57 PM > >> The "normalized request string" contains the request-URI and values >> extracted from the Host header. Be aware that intermediaries can and do >> change these; e.g., they may change an absolute URI to a relative URI in the >> request-line, without affecting the semantics of the request. See [1] for >> details (it covers other problematic conditions too). >> >> It would be more robust to calculate an effective request URI, as in [2]. >> [2] http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-14#section-4.3 > > Using the effective request URI has proved to be a significant point of > friction in OAuth 1.0. I would rather note that intermediaries can change the > request URI and that the server must reverse those changes based on what the > values should have been if they were received from the client directly. > > EHL -- Mark Nottingham http://www.mnot.net/ _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
