Re: [OAUTH-WG] Implementing MAC bearer

[William Mills <wmills at yahoo-inc.com>]

It's designed to be a form of HTTP auth independent of OAuth 2.0, however you get your credentials you can still use it.  OAuth 2.0 auth bindings are defined but not required.

---

From: Erlend Hamnaberg <ngarthl at gmail.com>
To: Eran Hammer <eran at hueniverse.com>
Cc: "OAuth at ietf.org" <OAuth at ietf.org>
Sent: Thursday, February 9, 2012 12:11 AM
Subject: Re: [OAUTH-WG] Implementing MAC bearer

Great. Thanks.

One question:

 Is it possible to use mac tokens in a non-OAuth setting?

How would a UA get the MAC id and algorithm then?

The old spec had a version where you could use Cookies to do this.

Is there a reason why this couldn't work as with Digest authentication?

-E

On Wed, Feb 8, 2012 at 11:59 PM, Eran Hammer <eran at hueniverse.com> wrote:

New draft:

 

http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01

 

EH

 

 

From: oauth-bounces at ietf.org [mailto:oauth-bounces at ietf.org] On Behalf Of Erlend Hamnaberg
Sent: Tuesday, February 07, 2012 11:02 AM
To: OAuth at ietf.org

Subject: [OAUTH-WG] Implementing MAC bearer

 

Hi guys and gals.

 

I am trying to implement the MAC bearer within a client library.

 

Searching the Archive I find that the current draft version of the MAC bearer is incorrect.

 

For instance the body-hash is no longer supported. Is there a new draft planned soon?

For implementers there would be great help in more examples. 

That way we can write test cases which conforms to the spec more easily.

 

Best regards

 

Erlend

_______________________________________________
OAuth mailing list
OAuth at ietf.org
https://www.ietf.org/mailman/listinfo/oauth