|Why did Amazon Web Services choose a proprietary HMAC?||Andrei Neculau||10/9/12 4:09 AM|
#1 Why allow HTTP, rather than limiting to HTTPS ?
#2 And if they were to limit themselves to HTTPS, would they still create their proprietary HMAC, instead of OAuth or BasicAuth+SSL ?
|Re: [api-craft] Why did Amazon Web Services choose a proprietary HMAC?||Greg Brail||10/9/12 8:11 AM|
I don't work there but:
S3 (which was one of their very first APIs if not the first) lets you upload and download gigantic files and I presume that they figured the cost, quite a few years ago, of doing this with SSL would be prohibitive.
Their longest-lived APIs like S3 were in production a few years before OAuth was invented.
Gregory Brail | Technology | Apigee