> just to follow up on this, we're working on an oauth 2.0  
> implementation (of which we are contributors/authors to the spec).   
> that does have a profile which makes it possible to write JavaScript  
> oauth clients without compromising the keys.  I can't give a date yet,  
> however, as the spec is not even finalized yet.  if people are  
> interested, I can circulate a URL to the draft.

However, if that does not occur prior to the Basic Auth drop-dead date, then
there will have to be some measure of 'key compromise' in open source clients.
Currently I have no choice but to minimally obfuscate my secret in TTYtter,
while documenting I know full well it will be trivially easy to recover (or
have the user create their own xAuth-enabled key/secret pair, which I'm sure
many users will balk at).

------------------------------------ personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- I use my C128 because I am an ornery, stubborn, retro grouch. -- Bob Masse -

To unsubscribe, reply using "remove me" as the subject.

Reply via email to