On 2012-09-13 19:20, Peter Saint-Andre wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 9/11/12 4:24 PM, Lance Stout wrote:
It's a bit annoying that they add an extra attribute to the <auth
/> element, because it adds a special case to check in what would
ideally be a fully generic implementation. Fortunately, it doesn't
seem to be required for now.
Namespaced attributes can also be problematic, and as an author of RFC
6648 I really don't like the name "X-OAUTH2".
One hopes that they might eventually migrate to the standardized
mechanism being defined at the IETF:
http://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-oauth/
In this light, the fact that X-GOOGLE-TOKEN and PLAIN will be deprecated
soonish [1] is very interesting. I'd hope we can convince them to do
this the standard way before clients have to implement their botched
version.
[1]
<http://googledevelopers.blogspot.nl/2012/09/adding-oauth-20-support-for-imapsmtp.html>
--
ralphm
