On Wed, May 14, 2008 at 5:33 PM, Brian Eaton <[EMAIL PROTECTED]> wrote:
> On Wed, May 14, 2008 at 10:12 AM, Kevin Brown <[EMAIL PROTECTED]> wrote: > > The default OAuthStore should work "out of the box" with the default > > encrypted SecurityToken, but the current wiring still requires that you > > modify some code to force the SecurityToken to use real crypto instead of > > the plain text form. > > If I write a servlet that mints encrypted security tokens and make the > sample container use it, would the shindig team accept the > contribution? > Of course we'd accept the contribution, but I think that this belongs in the metadata servlet rather than as a separate service; that allows the container to make a single request rather than multiple. In a real production situation, the minting process can be wired to only work for internal requests so that it can't be used to make arbitrary requests.
