Re: [OAUTH-WG] Understanding how OpenSocial uses OAuth 1.0a

Brian Eaton <beaton@google.com> Tue, 16 March 2010 18:28 UTC

To: David Recordon <recordond@gmail.com>
Cc: OAuth WG <oauth@ietf.org>

On Tue, Mar 16, 2010 at 11:12 AM, David Recordon <recordond@gmail.com> wrote:
> Kevin Marks has been bugging me for a while to understand how
> OpenSocial makes use of two-legged OAuth.  I reached out to the team
> and here's their description (via Evan Gilbert).  In general it seems
> like they're more making use of OAuth's RSA signature mechanism rather
> than the user authorization and access token flows.

It's not just OpenSocial.  This is more or less what Microsoft is
doing with Simple Web Tokens, and there are some other Google use
cases as well.

Cheers,
Brian