W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

OAuth and HTTP proxies

From: Eran Hammer-Lahav <eran@hueniverse.com>
Date: Mon, 9 Mar 2009 22:44:24 -0700
To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
CC: "oauth@ietf.org" <oauth@ietf.org>
Message-ID: <90C41DD21FB7C64BB94121FBBC2E723425023C6EEF@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Can someone please review the OAuth spec [1], in particular section 3.3.1.3, to help determine if the way OAuth signs requests is compatible with HTTP proxies?

OAuth signs the request URI based on either the content of the Host header or the actual hostname and port used to make the request. It was written with total disregard to proxies and caches. I am trying to find out if it breaks or breaks something else.

EHL

[1] http://tools.ietf.org/html/draft-hammer-oauth-01
Received on Tuesday, 10 March 2009 05:45:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:01 GMT