RESTFest 2012, OAuth

19 views
Skip to first unread message

Carol Nichols

unread,
Sep 17, 2012, 8:27:48 PM9/17/12
to profile-...@googlegroups.com
Hello to anyone out there!! I've just gotten back from RESTFest and it was a really great experience-- everyone there was really nice and I learned a lot, so if you're at all interested in REST/hypermedia, I highly recommend going next year!!

I talked a bit about adding ALPS to rstat.us and I'd love any feedback anyone has :)
http://vimeo.com/49613736

I'd also like to propose a few extensions/modifications to the ALPS microblogging spec based on my experiences, and the first one I'd like to offer up for discussion is to allow OAuth to be used for authentication. The spec currently states:

"Servers MAY require clients to support HTTP Authentication (BASIC or DIGEST) for some requests."

and I'd like to propose some variant of:

"Servers MAY require clients to support OAuth Authentication (1.0 (RFC 5849 [1]) or latest rev of 2.0 [2]) for some requests."

I realize there are issues with OAuth [3], but it's becoming a common strategy for authenticating through APIs. Thoughts???

Thanks,
Carol


[1] - https://tools.ietf.org/html/rfc5849
[2] - https://tools.ietf.org/html/draft-ietf-oauth-v2-31
[3] - http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

mca

unread,
Sep 17, 2012, 8:53:33 PM9/17/12
to profile-...@googlegroups.com
First, thanks for contributing to RESTFest 2012. Your talk was great and the client your UI team built at the hackday was sweet.

Second, I think it's good to signal support for OAuth in the docs. In fact, the docs need some love, in general. format is unwieldy, some bugs/missing stuff, etc.

Also, I'd like to work up a simple HTML(machine) representation of the profile for easy consumption, too. I currently use a variant of Tantek Celik's XMDP profile[1]. I am looking at other options and am open to suggestions.


[1] http://gmpg.org/xmdp/

mca

mca

unread,
Sep 17, 2012, 8:59:08 PM9/17/12
to profile-...@googlegroups.com
First, thanks for contributing to RESTFest 2012. Your talk was great and the client your UI team built at the hackday was sweet.

Second, I think it's good to signal support for OAuth in the docs. In fact, the docs need some love, in general. format is unwiedly, some bugs/missing stuff, etc. Also, I'd like to work up a simple HTML(machine) representation of the profile for easy consumption, too. I currently use a variant of Tantek Celik's XMDP profile [1]
On Mon, Sep 17, 2012 at 8:27 PM, Carol Nichols <carol....@gmail.com> wrote:
Reply all
Reply to author
Forward
0 new messages