Re: [OAUTH-WG] Basic signature support in the core specification

Justin Richer <jricher@mitre.org> Fri, 24 September 2010 13:35 UTC

I would like to see the signatures stay in a separate spec, but to be
worked on and released alongside the core spec.

In fact, I think that there's more than one kind of "signature" that can
be used with the OAuth token mechanisms. At IIW East, we walked through
several use cases that called for different kinds of signatures to
support them: signed tokens and signed requests. I have direct uses for
the signed request mechanism (a la OAuth 1.0, 2-legged and otherwise),
and I have seen others with compelling use cases for signed tokens.

 -- Justin

On Thu, 2010-09-23 at 21:43 -0400, Eran Hammer-Lahav wrote:
> Since much of this recent debate was done off list, I'd like to ask people
> to simply express their support or objection to including a basic signature
> feature in the core spec, in line with the 1.0a signature approach.
> 
> This is not a vote, just taking the temperature of the group.
> 
> EHL