oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <pids...@apache.org>
Subject Re: APIs
Date Wed, 16 Jun 2010 10:45:12 GMT
On 16/06/2010 11:07, Simone Tripodi wrote:
> Hola,
>> But I wonder, does the signature API need to be exposed in the API spec
>> or could it be entirely internal to the implementation?
> I'd let the signature API be exposed in the API spec, since our users
> could implement their own signature method[1] as reported in the spec:
>    "OAuth does not mandate a particular signature method, as each
>    implementation can have its own unique requirements.  Servers are
>    free to implement and document their own custom methods.
>    Recommending any particular method is beyond the scope of this
>    specification. [...]"
> [1] http://tools.ietf.org/html/rfc5849#section-3.4

Can I suggest it's a candidate for a ServiceLoader implementation?

This would mean that it can be specified by the API, but used internally
and thus the complications associated with interacting with it are the
problem of the implementor, rather than that of a developer using the

It would also mean that it's extremely easy to drop in additional
signature method implementations.

Maybe we can come back to this; can we look at the higher level API and
work our way down?


> Simo
>> p

View raw message