- From: Ben Laurie <benl@google.com>
- Date: Tue, 12 Oct 2010 12:56:40 +0100
- To: David Recordon <davidrecordon@facebook.com>
- Cc: Harry Halpin <hhalpin@ibiblio.org>, Chris Messina <chris.messina@gmail.com>, Eran Hammer-Lahav <eran@hueniverse.com>, "public-xg-socialweb@w3.org" <public-xg-socialweb@w3.org>, Eric Sachs <esachs@google.com>, Brian Kissel <bkissel@janrain.com>, Luke Shepard <lshepard@facebook.com>
On 11 October 2010 23:24, David Recordon <davidrecordon@facebook.com> wrote:
>> While OAuth 1.0 is highly successful, the process of generating and
>> managing the various tokens was considered difficult by many
>> developers, so the IETF draft standard OAuth 2.0 simplifies the
>
> Really it was the process of generating signatures that was too difficult. Though OAuth 2.0 also simplifies the number of tokens as well.

Disagree. What was actually too difficult, apparently, was for those who wanted people to use OAuth to provide libraries that did the (inherently tricky) crypto/escaping work needed to produce correct signatures. OAuth seems to be unique amongst security protocols in expecting everyone to bake it themselves.

Received on Tuesday, 12 October 2010 11:57:10 UTC
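
The escaping and signing work the message refers to, as an added example that is not part of the original thread or of any OAuth library: an OAuth 1.0 HMAC-SHA1 signature with the double percent-encoding step made explicit. The function names are assumptions, the sample values are those of the worked example in the OAuth Core 1.0 specification appendix, and URL normalization (lowercasing scheme and host, dropping default ports) is left out.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value: str) -> str:
    """Percent-encode everything except RFC 3986 unreserved characters."""
    # quote() treats "/" as safe by default; OAuth 1.0 signing does not.
    return quote(value.encode("utf-8"), safe="-._~")

def signature_base_string(method: str, url: str, params) -> str:
    """params: (name, value) pairs from query, body and oauth_* (no oauth_signature)."""
    # Encode each name and value first, then sort the encoded pairs.
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    # The joined parameter string is then encoded a second time as a whole.
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign_hmac_sha1(base: str, consumer_secret: str, token_secret: str = "") -> str:
    # The key always contains "&", even when the token secret is empty.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode("ascii")
    digest = hmac.new(key, base.encode("ascii"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")

def verify(base: str, presented: str, consumer_secret: str, token_secret: str = "") -> bool:
    # Server side: recompute the signature and compare in constant time.
    expected = sign_hmac_sha1(base, consumer_secret, token_secret)
    return hmac.compare_digest(expected, presented)

# Sample request: values from the OAuth Core 1.0 appendix example.
SAMPLE_PARAMS = [
    ("oauth_consumer_key", "dpf43f3p2l4k3l03"),
    ("oauth_token", "nnch734d00sl2jdk"),
    ("oauth_signature_method", "HMAC-SHA1"),
    ("oauth_timestamp", "1191242096"),
    ("oauth_nonce", "kllo9940pd9333jh"),
    ("oauth_version", "1.0"),
    ("file", "vacation.jpg"),
    ("size", "original"),
]
SAMPLE_BASE = signature_base_string(
    "GET", "http://photos.example.net/photos", SAMPLE_PARAMS)
SAMPLE_SIG = sign_hmac_sha1(SAMPLE_BASE, "kd94hf93k423kf44", "pfkkdhi9sl3r4s00")

if __name__ == "__main__":
    print(SAMPLE_BASE)
    print(SAMPLE_SIG)
```

A client that encodes a space as `+`, leaves `/` unescaped, or skips the second encoding pass produces a different base string, and the server rejects the request with nothing more than a signature mismatch.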