Hi Brian,
2008/10/8 Brian Eaton <[EMAIL PROTECTED]>: > On Fri, Oct 3, 2008 at 10:46 AM, Eiji Kitamura <[EMAIL PROTECTED]> wrote: >> The spec still says that public key is presented with >> xoauth_public_key while Brian recommends and Shindig's actually using >> xoauth_signature_publickey. Which way should we go? > > Shindig should switch to xoauth_public_key. In the same thread you told me that: On Tue, Sep 16, 2008 at 11:26 PM, Eiji Kitamura <[EMAIL PROTECTED]> wrote: >> [2] xoauth_public_key >> >> According to following proposal: >> http://dirk.balfanz.googlepages.com/oauth_key_rotation.html >> >> Public Key Identifier should be specified using "xoauth_public_key". >> Same on google code gadgets site. >> But actual implementation in Shindig seems like using >> "xoauth_signature_publickey". >> >> Which is correct or should they be treated differently? > > I think we should change the spec to use xoauth_signature_publickey, > since that's what real world implementations have done. If there's > consensus on shindig-dev I'll send that proposal to the spec list. Is xoauth_public_key the last answer? :) >>> Is this still case? >>> Shindig implements it on "http://container-hostname/public.cer"; (on PHP). >>> >>> I can't find public key for iGoogle which xoauth_signature_publickey >>> is pub.1199819524.-1556113204990931254.cer I received via OAuth >>> request. Key on following page didn't work: >>> https://sites.google.com/site/oauthgoog/oauth-proxy > > iGoogle and Orkut haven't implemented that part of the opensocial spec. > OK. I understand that https://container-hostname/opensocial/certificates/xoauth_public_keyvalue is the right place to hold public key in terms of specification and is still not implemented in shindig.
