This wiki is no longer active and is left here for historical purposes. Please visit for up-to-date information.


Page history last edited by Chris Messina 10 years, 4 months ago






  1. review draft
  2. interop/code




  • diff 107 to trunk
  • need best practices for web site...
    • include mobile stuff... callback URLs
  • be sure to call out that oauth spec is in UTF-8
  • best practice for nonce + timestamp
  • EHL doesn't like timestamps plus nonces being used as parameters
  • removed: The Service Provider MAY include two machine-readable tags in its human-readable instructions to the User. If included, both tags MUST be added in the element of the HTML document:


<meta name="oauth_result" content="true" />

<meta name="oauth_token" content="request_token" />


  • PKI/RSA coming later ... extensions may come later...
  • do generic stuff and then specific signing algorithms, besides plaintext... call out plaintext separately as extension...
  • treat all parameters as equal... add oauth_signature ... don't specify
  • we'll leave sig stuff and email eran the stuff we want for sig...
  • md5 is an extension outside of spec like PKI, SOAP header...
  • marc will go through and make sure that we can write tests for every MUST or SHOULD
  • marc will write security considerations document... should this be part of spec?
  • termie, PHP... leah, python... blaine, ruby... aaron straupe cope, perl... need can has code review?
  • blaine's code will lead to ruby plugin...
