W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2010

Re: Duplicating request component in an HTTP authentication scheme

From: Henrik Nordström <henrik@henriknordstrom.net>
Date: Sun, 30 May 2010 19:19:24 +0200
To: Eran Hammer-Lahav <eran@hueniverse.com>
Cc: "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
Message-ID: <1275239964.2358.57.camel@henriknordstrom.net>
tor 2010-05-27 klockan 16:11 -0700 skrev Eran Hammer-Lahav:
> The OAuth working group is debating how to make signed authenticated
> requests. The two main questions is what do sign, and what to sign it
> with. On the 'what to sign part' we know we want to sign the request
> URI, HTTP method, and host name (among other cryptographic attributes
> such as timestamp Tand nonce).

Sounds almost like HTTP Digest auth to me..

Regards
Henrik
Received on Sunday, 30 May 2010 17:20:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:19 GMT