Re: Duplicating request component in an HTTP authentication scheme from Henrik Nordström on 2010-05-30 (ietf-http-wg@w3.org from April to June 2010)

From: Henrik Nordström <henrik@henriknordstrom.net>
Date: Sun, 30 May 2010 19:19:24 +0200
To: Eran Hammer-Lahav <eran@hueniverse.com>
Cc: "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
Message-ID: <1275239964.2358.57.camel@henriknordstrom.net>

tor 2010-05-27 klockan 16:11 -0700 skrev Eran Hammer-Lahav:
> The OAuth working group is debating how to make signed authenticated
> requests. The two main questions is what do sign, and what to sign it
> with. On the 'what to sign part' we know we want to sign the request
> URI, HTTP method, and host name (among other cryptographic attributes
> such as timestamp Tand nonce).

Sounds almost like HTTP Digest auth to me..

Regards
Henrik

Received on Sunday, 30 May 2010 17:20:00 UTC