[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OAUTH-WG] Reevaluating Assumptions (Important!)

From: Brian Eaton <beaton at google.com>
To: George Fletcher <gffletch at aol.com>
Cc: "oauth at ietf.org" <oauth at ietf.org>
Date: Thu, 1 Oct 2009 21:00:39 -0700
In-reply-to: <4AC56AE2.1030302 at aol.com>
References: <90C41DD21FB7C64BB94121FBBC2E72343784D584F7 at P3PW5EX1MB01.EX1.SECURESERVER.NET> <4AC56AE2.1030302 at aol.com>

On Thu, Oct 1, 2009 at 7:52 PM, George Fletcher <gffletch at aol.com> wrote:
> One use case (I think I saw it mentioned somewhere else on the list) where
> we've used the URI parameters is when we want the server to sign a URL and
> then pass that signed value to the browser to load. This can be done with a
> simple 302 and the signed URL. Switching to just supporting the
> Authorization header will make this more difficult but probably not
> impossible.

Yep.  I've seen that done multiple places.

One more unexpected use of OAuth...

Follow-Ups:
- Re: [OAUTH-WG] Reevaluating Assumptions (Important!)
  - From: Eran Hammer-Lahav

References:
- [OAUTH-WG] Reevaluating Assumptions (Important!)
  - From: Eran Hammer-Lahav
- Re: [OAUTH-WG] Reevaluating Assumptions (Important!)
  - From: George Fletcher

Prev by Date: Re: [OAUTH-WG] Proposal for a New 2617 Scheme: Token
Next by Date: Re: [OAUTH-WG] Reevaluating Assumptions (Important!)
Previous by thread: Re: [OAUTH-WG] Reevaluating Assumptions (Important!)
Next by thread: Re: [OAUTH-WG] Reevaluating Assumptions (Important!)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.