new draft published
7 views
Skip to first unread message
Brian Eaton
Nov 24, 2009, 9:15:32 PM11/24/09
to oauth-key...@googlegroups.com
I just published a fresh draft of the oauth key discovery work.
Comments welcome:
http://oauth-key-discovery.googlegroups.com/web/oauth-key-publication-2009-11-24.txt
Cheers,
Brian
Comments welcome:
http://oauth-key-discovery.googlegroups.com/web/oauth-key-publication-2009-11-24.txt
Cheers,
Brian
John Panzer
Dec 16, 2009, 5:19:41 PM12/16/09
to oauth-key-discovery
A comment:
The X509Certificate element contains a base64-encoded X509v3
certificate (TODO:reference).
After several hours of poking around, I've discovered that parsing
these is highly nontrivial on Google AppEngine, which makes me
nervous. I think this means we should either augment Google AppEngine
or change the spec.
From the POV of Salmon, we may not actually need the full complexity
of a CA cert path and the X509Certificate element therefore is mostly
overkill.
Wading into waters I am not equipped to talk intelligently about,
except in regards to existing library support: Would it be reasonable
to support a very simple alternative to a full X509Certificate
element, e.g., that provides exponent and modulus for RSA in the case
where you have no signed cert chain?
On Nov 24, 6:15 pm, Brian Eaton <bea...@google.com> wrote:
> I just published a fresh draft of the oauth key discovery work.
>
> Comments welcome:http://oauth-key-discovery.googlegroups.com/web/oauth-key-publication...
>
> Cheers,
> Brian
The X509Certificate element contains a base64-encoded X509v3
certificate (TODO:reference).
After several hours of poking around, I've discovered that parsing
these is highly nontrivial on Google AppEngine, which makes me
nervous. I think this means we should either augment Google AppEngine
or change the spec.
From the POV of Salmon, we may not actually need the full complexity
of a CA cert path and the X509Certificate element therefore is mostly
overkill.
Wading into waters I am not equipped to talk intelligently about,
except in regards to existing library support: Would it be reasonable
to support a very simple alternative to a full X509Certificate
element, e.g., that provides exponent and modulus for RSA in the case
where you have no signed cert chain?
On Nov 24, 6:15 pm, Brian Eaton <bea...@google.com> wrote:
> I just published a fresh draft of the oauth key discovery work.
>
>
> Cheers,
> Brian
Reply all
Reply to author
Forward
0 new messages