Re: [OAUTH-WG] GOOG1

Marius Scurtescu <mscurtescu@google.com> Wed, 27 October 2010 19:55 UTC

Return-Path: <mscurtescu@google.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C8CB63A680A for <oauth@core3.amsl.com>; Wed, 27 Oct 2010 12:55:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.782
X-Spam-Level:
X-Spam-Status: No, score=-105.782 tagged_above=-999 required=5 tests=[AWL=0.195, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id axM8x4H4Yyf4 for <oauth@core3.amsl.com>; Wed, 27 Oct 2010 12:55:56 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by core3.amsl.com (Postfix) with ESMTP id 4AE7E3A69A1 for <oauth@ietf.org>; Wed, 27 Oct 2010 12:55:55 -0700 (PDT)
Received: from hpaq6.eem.corp.google.com (hpaq6.eem.corp.google.com [172.25.149.6]) by smtp-out.google.com with ESMTP id o9RJviwc012518 for <oauth@ietf.org>; Wed, 27 Oct 2010 12:57:44 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1288209465; bh=Ly8KLRWDU6WT95eiZxaaCKJNXfY=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=LQuqKWpsfNIZkHEzZh8tEmNB6K4JAhuoIi/4yNZPAxHVklvSR7nALGX/Fxjmb2TaF +Bt+NxhcO7CC879SgEtKg==
Received: from yxm34 (yxm34.prod.google.com [10.190.4.34]) by hpaq6.eem.corp.google.com with ESMTP id o9RJvOB9000467 for <oauth@ietf.org>; Wed, 27 Oct 2010 12:57:43 -0700
Received: by yxm34 with SMTP id 34so794141yxm.14 for <oauth@ietf.org>; Wed, 27 Oct 2010 12:57:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:cc:content-type; bh=ZYdE80k19LTZKqjTvg/F6mLQg7u+Oq3gXZfaQajBl1A=; b=olAKOH2CTk7/UdRlmEXCGd/tFJ//bw2QzzOUUzjGLn3nvTMxUpCrXzhJlWuyyHwb9d GmXptuqWhnde2Lv4mhdA==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=QT/ugXC5ltkKR/ad4FWOCeIZBIgkaH5XPkCXez9x1QSf1ZQTKr9h69s9vR3ZTn43YU fLmYjxJHAAoB1k1AB+Uw==
Received: by 10.100.206.20 with SMTP id d20mr1435134ang.34.1288209462227; Wed, 27 Oct 2010 12:57:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.240.19 with HTTP; Wed, 27 Oct 2010 12:57:22 -0700 (PDT)
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E112705633B6@WSMSG3153V.srv.dir.telstra.com>
References: <255B9BB34FB7D647A506DC292726F6E112705633B6@WSMSG3153V.srv.dir.telstra.com>
From: Marius Scurtescu <mscurtescu@google.com>
Date: Wed, 27 Oct 2010 12:57:22 -0700
Message-ID: <AANLkTinjYqvddJtb0=a5gtJezVu+AK30rGpVhS-GdMWe@mail.gmail.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>
Content-Type: text/plain; charset=ISO-8859-1
X-System-Of-Record: true
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] GOOG1
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Oct 2010 19:55:56 -0000

Hi James,

Finally got around to get an answer for your question:

"GOOG1 is an authentication scheme specific to Google Storage for
Developers, and is designed to provide interoperability with a large
number of cloud storage tools and libraries that work with services
such as Amazon Simple Storage Service (Amazon S3) and Eucalyptus
Systems, Inc.

We do not foresee this authentication scheme forming the basis of an
OAuth signature scheme."

Hope that helps.

Cheers,
Marius



On Thu, Oct 14, 2010 at 4:29 PM, Manger, James H
<James.H.Manger@team.telstra.com> wrote:
> I noticed that a new HTTP authentication scheme has been defined: GOOG1.
>
> http://code.google.com/apis/storage/docs/developer-guide.html#authentication
>
>
>
> Is this a candidate for the signature spec?
>
> It should be the sort of scheme that OAuth core can provide credentials for
> (access key & secret) without the scheme needing to know about OAuth.
>
>
>
> [It is an HMAC-SHA1; carried in the Authorization header; calculated over
> the method (eg GET), date, content-type, URI path (but not host or scheme),
> MD5-hash of request body (optional), and some proprietary headers (eg
> access-control details). It looks very similar to the Amazon S3 scheme.]
>
>
>
>
>
> --
>
> James Manger
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>