• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Social distancing? Try a better way to work remotely on your online files. Dokkio, a new product from PBworks, can help your team find, organize, and collaborate on your Drive, Gmail, Dropbox, Box, and Slack files. Sign up for free.



Page history last edited by Chris Messina 12 years, 8 months ago






  1. review draft
  2. interop/code




  • diff 107 to trunk
  • need best practices for web site...
    • include mobile stuff... callback URLs
  • be sure to call out that oauth spec is in UTF-8
  • best practice for nonce + timestamp
  • EHL doesn't like timestamps plus nonces being used as parameters
  • removed: The Service Provider MAY include two machine-readable tags in its human-readable instructions to the User. If included, both tags MUST be added in the element of the HTML document:


<meta name=\"oauth_result\" content=\"true\" />

<meta name=\"oauth_token\" content=\"request_token\" />


  • PKI/RSA coming later ... extensions may come later...
  • do generic stuff and then specific signing algorithms, besides plaintext... call out plaintext separately as extension...
  • treat all parameters as equal... add oauth_signature ... don't specify
  • we'll leave sig stuff and email eran the stuff we want for sig...
  • md5 is an extension outside of spec like PKI, SOAP header...
  • marc will go through and make sure that we can write tests for every MUST or SHOULD
  • marc will write security considerations document... should this be part of spec?
  • termie, PHP... leah, python... blaine, ruby... aaron straupe cope, perl... need can has code review?
  • blaine's code will lead to ruby plugin...

Comments (0)

You don't have permission to comment on this page.