On Wed, Jul 21, 2010 at 1:26 AM, Nat Sakimura sakim...@gmail.com wrote:
Hi Dirk,
Inline:
On Tue, Jul 20, 2010 at 9:22 AM, Dirk Balfanz balf...@google.com wrote:
On Sun, Jul 18, 2010 at 8:20 AM, Torsten Lodderstedt
tors...@lodderstedt.net wrote:
Hi Dirk,
I have some questions
I apologize since I have a feeling that this decision was made long ago but
I'd like to understand...
OAuth 1.0 had a secret associated with every token and used an HMAC to
generate the signature. So, there is no way for an intermediary to see the
token secret, regardless of whether SSL is
'
*Subject:* RE: [OAUTH-WG] signatures, v2
I apologize since I have a feeling that this decision was made long ago but
I'd like to understand...
OAuth 1.0 had a secret associated with every token and used an HMAC to
generate the signature. So, there is no way for an intermediary to see the
token
On Sun, Jul 18, 2010 at 8:20 AM, Torsten Lodderstedt
tors...@lodderstedt.net mailto:tors...@lodderstedt.net wrote:
Hi Dirk,
I have some questions concerning your proposal:
- As far as I understand, the difference to magic signatures
lays in the usage of a JSON token carrying
Hi Dirk,
Inline:
On Tue, Jul 20, 2010 at 9:22 AM, Dirk Balfanz balf...@google.com wrote:
On Sun, Jul 18, 2010 at 8:20 AM, Torsten Lodderstedt
tors...@lodderstedt.net wrote:
Hi Dirk,
I have some questions concerning your proposal:
- As far as I understand, the difference to magic
On Wed, Jul 21, 2010 at 5:26 PM, Nat Sakimura sakim...@gmail.com wrote:
Hi Dirk,
Inline:
On Tue, Jul 20, 2010 at 9:22 AM, Dirk Balfanz balf...@google.com wrote:
On Sun, Jul 18, 2010 at 8:20 AM, Torsten Lodderstedt
tors...@lodderstedt.net wrote:
Hi Dirk,
I have some questions
On 16 July 2010 01:43, Dirk Balfanz balf...@google.com wrote:
Hi guys,
after reading through the feedback, we did a pass over the OAuth signature
proposals.
As a reminder, there are three documents:
- a document (called JSON Tokens) that just explains how to sign something
and verify the
On Wed, Jul 21, 2010 at 8:27 PM, Ben Laurie b...@google.com wrote:
On 16 July 2010 01:43, Dirk Balfanz balf...@google.com wrote:
Hi guys,
after reading through the feedback, we did a pass over the OAuth signature
proposals.
As a reminder, there are three documents:
- a document (called JSON
Hi Dirk,
I have some questions concerning your proposal:
- As far as I understand, the difference to magic signatures lays in
the usage of a JSON token carrying issuer, not_before, not_after and
audience. While such properties are important for security tokens
(assertions), I cannot see an
On 2010-07-15, at 6:45 PM, Naitik Shah wrote:
On Thu, Jul 15, 2010 at 5:43 PM, Dirk Balfanz balf...@google.com wrote:
One question: What's the deal with having the signature go first? If you can
explain to me why that is a good idea, I'm happy to oblige.
When we were talking about
10 matches
Mail list logo