Return-Path: Delivered-To: apmail-incubator-amber-dev-archive@minotaur.apache.org Received: (qmail 38123 invoked from network); 16 Jun 2010 10:08:27 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 16 Jun 2010 10:08:27 -0000 Received: (qmail 47258 invoked by uid 500); 16 Jun 2010 10:08:27 -0000 Delivered-To: apmail-incubator-amber-dev-archive@incubator.apache.org Received: (qmail 47232 invoked by uid 500); 16 Jun 2010 10:08:27 -0000 Mailing-List: contact amber-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: amber-dev@incubator.apache.org Delivered-To: mailing list amber-dev@incubator.apache.org Received: (qmail 47219 invoked by uid 99); 16 Jun 2010 10:08:25 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Jun 2010 10:08:25 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of simone.tripodi@gmail.com designates 74.125.78.144 as permitted sender) Received: from [74.125.78.144] (HELO ey-out-1920.google.com) (74.125.78.144) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Jun 2010 10:08:19 +0000 Received: by ey-out-1920.google.com with SMTP id 13so772130eye.8 for ; Wed, 16 Jun 2010 03:07:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=NqvaO5SVHGxkHBXMoJmdZOc3JuflfL/bJLMGrlFMuyk=; b=N77pLM/W55tRutZQqHlWjPUNcGSXfywBYQ20TnHUH5UDKobFOZajV7pAa4K1Ox2oKO FWdo8se5fOHAaKvq1ck9e00nVksA+BZudOM4rUBi/2x3CuVemYIElfD49ligOhMZr997 wemRqrIXrNpmUNu5EGqbZ0wVQVn4S1TAqDaYI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=FVEDuCrl+oR23G9OW1dF8Qddoq83bg3FYrqmLz63jy9AIk2NMfPsn2PgIMCfz5Yqvj 8UVt8xNo70l2Utes8nz/THsUexgSRtYp67k+D9iTSK9Pv1vrJLMa8p6PEmtBNjWYMQ3k 1TL//yFTjSc0KNhC4bZI2VKEWWQ44CqJ4CSK4= MIME-Version: 1.0 Received: by 10.213.8.134 with SMTP id h6mr1544775ebh.40.1276682879242; Wed, 16 Jun 2010 03:07:59 -0700 (PDT) Received: by 10.213.16.137 with HTTP; Wed, 16 Jun 2010 03:07:59 -0700 (PDT) In-Reply-To: <4C188C90.4010600@apache.org> References: <4C17BE5B.4000000@apache.org> <4C17D895.8030101@apache.org> <4C17E29F.8010407@pidster.com> <4C188C90.4010600@apache.org> Date: Wed, 16 Jun 2010 12:07:59 +0200 Message-ID: Subject: Re: APIs From: Simone Tripodi To: amber-dev@incubator.apache.org, pidster@apache.org Content-Type: text/plain; charset=UTF-8 X-Virus-Checked: Checked by ClamAV on apache.org Hola, > > But I wonder, does the signature API need to be exposed in the API spec > or could it be entirely internal to the implementation? > I'd let the signature API be exposed in the API spec, since our users could implement their own signature method[1] as reported in the spec: "OAuth does not mandate a particular signature method, as each implementation can have its own unique requirements. Servers are free to implement and document their own custom methods. Recommending any particular method is beyond the scope of this specification. [...]" [1] http://tools.ietf.org/html/rfc5849#section-3.4 Simo > > p >