> just to follow up on this, we're working on an oauth 2.0 > implementation (of which we are contributors/authors to the spec). > that does have a profile which makes it possible to write JavaScript > oauth clients without compromising the keys. I can't give a date yet, > however, as the spec is not even finalized yet. if people are > interested, I can circulate a URL to the draft.
However, if that does not occur prior to the Basic Auth drop-dead date, then there will have to be some measure of 'key compromise' in open source clients. Currently I have no choice but to minimally obfuscate my secret in TTYtter, while documenting I know full well it will be trivially easy to recover (or have the user create their own xAuth-enabled key/secret pair, which I'm sure many users will balk at). -- ------------------------------------ personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- I use my C128 because I am an ornery, stubborn, retro grouch. -- Bob Masse - -- To unsubscribe, reply using "remove me" as the subject.
