This wiki is no longer active and is left here for historical purposes. Please visit oauth.net for up-to-date information.

MeetingNotes20070918

Page history last edited by Chris Messina 10 years, 4 months ago

Attendees

 

 

Goals

 

  1. review draft
  2. interop/code

 

Notes

 

  • diff 107 to trunk
  • need best practices for web site...
    • include mobile stuff... callback URLs
  • be sure to call out that oauth spec is in UTF-8
  • best practice for nonce + timestamp
  • EHL doesn't like timestamps plus nonces being used as parameters
  • removed: The Service Provider MAY include two machine-readable tags in its human-readable instructions to the User. If included, both tags MUST be added in the element of the HTML document:

 

<meta name="oauth_result" content="true" />

<meta name="oauth_token" content="request_token" />

 

  • PKI/RSA coming later ... extensions may come later...
  • do generic stuff and then specific signing algorithms, besides plaintext... call out plaintext separately as extension...
  • treat all parameters as equal... add oauth_signature ... don't specify
  • we'll leave sig stuff and email eran the stuff we want for sig...
  • md5 is an extension outside of spec like PKI, SOAP header...
  • marc will go through and make sure that we can write tests for every MUST or SHOULD
  • marc will write security considerations document... should this be part of spec?
  • termie, PHP... leah, python... blaine, ruby... aaron straup cope, perl... need can has code review?
  • blaine's code will lead to ruby plugin...
