Attendees
At Twitter... LeahCulver, BrittSelvitelle, BlaineCook, ChrisMessina, DaveRecordon...
- joining by phone... AndySmith, Eran Hammer-Lahav...
- website
- faq
- larry will host it...
- blaine will setup DNS
- outstanding questions
- use the google code repository for code... and force an IPR statement...
- IPR...
- ben laurie's contributions...
- anyone who has contributed should sign the IPR policy
- aug 31 deadline for spec
- need to setup test server for compliance; test client...
- no language token in the spec
- google wants it... servers and browsers already do this... why not put it in a consistent place?
- better to put it in conventions document...
- language as optional parameter; clients can ignore it
- version parameter?
- specified on v2 and above; not in the spec...
- on desktop side -- where we don't have a username/password for a user...
- for web, avoiding entering username/password in third party service
- token exchange
- make use of OpenID library exchange?
- authsub has insecure mode... "we need something easy for developers that doesn't require pre-registration"
- authsub has secure mode... preregister private key... all pub requests signed with private key...
- pass token in cleartext but use SSL... w/o SSL use Diffie-Hellman but know that there could be a MINM attack
- should there be some standard way for sites to do this key value pair signing? per-token seems like a good idea... wesabe... mike megursky... digg doesn't want to have concept of consumer...
- signing...
- promote the use of HMAC-SHA1
- for backwards compatibility use SHA1
- encode your secrets and parameters the same way...
- how does this map to all the other protocols/auths? create a comparison chart... how is it different? why?
- larry and blaine will get client side code...
- leah is doing python
- dave will do perl
- google will do java, HMAC libraries
- justin miller could do pukka oauth implementation
- craig hockenberry should write twitterific + magnolia cocoa client libraries
Comments (0)
You don't have permission to comment on this page.