[doseta-discuss] suggestions/concerns on spec
Bill Burke
bburke at redhat.com
Thu Jun 2 12:35:12 PDT 2011
On 6/2/11 3:13 PM, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: doseta-discuss-bounces at blackops.org [mailto:doseta-discuss-bounces at blackops.org] On Behalf Of Bill Burke
>> Sent: Thursday, June 02, 2011 12:10 PM
>> To: doseta-discuss at trusteddomain.org
>> Subject: Re: [doseta-discuss] suggestions/concerns on spec
>>
>> DOSETA pulls in public key propagation. Requires a bh field (you might
>> want to sign headers but no body). I'd like to see that stuff split off
>> and/or optional.
>
> That's curious. Why would you want to sign none of the body?
>
> (I've heard the email side of that argument, but I'm keen to hear new perspectives.)
>
One more use case is pre-authenticated URLs. I have a user who wants
to embed a signature as a query param so that he can grant a user a
one-time pass to view some information. Canonicalizing and creating the
signature could be defined by a DOSETA specification.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
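
The pre-authenticated URL use case in the message above, as an added example that is not part of the original post or of any DOSETA draft. It substitutes HMAC-SHA256 with a shared key for the public-key signature DOSETA would define; the parameter names `exp`, `nonce` and `sig`, the canonicalization rules and the key are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

KEY = b"constructed-demo-key"   # constructed sample secret, not a real key
_used = set()                   # nonces already redeemed (in-memory for the demo)

def canonical(url):
    """Lowercase scheme/host, sort query pairs, drop the sig param and fragment."""
    p = urlsplit(url)
    pairs = sorted((k, v) for k, v in parse_qsl(p.query, keep_blank_values=True)
                   if k != "sig")
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/",
                       urlencode(pairs), ""))

def _mac(url):
    return hmac.new(KEY, canonical(url).encode(), hashlib.sha256).hexdigest()

def sign(url, ttl=300, now=None):
    """Append expiry, nonce and signature query parameters (hypothetical names)."""
    now = int(time.time() if now is None else now)
    p = urlsplit(url)
    pairs = parse_qsl(p.query, keep_blank_values=True)
    pairs += [("exp", str(now + ttl)), ("nonce", secrets.token_hex(8))]
    unsigned = urlunsplit((p.scheme, p.netloc, p.path, urlencode(pairs), ""))
    return unsigned + "&sig=" + _mac(unsigned)

def verify(url, now=None):
    """Return 'ok', or the reason the pass is rejected."""
    now = int(time.time() if now is None else now)
    q = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    params = dict(q)
    if len(params) != len(q):          # repeated names make the signed value ambiguous
        return "duplicate-param"
    # Constant-time comparison on bytes; the signature is checked before anything else
    if not hmac.compare_digest(params.get("sig", "").encode(), _mac(url).encode()):
        return "bad-signature"
    if now > int(params["exp"]):
        return "expired"
    if params["nonce"] in _used:       # one-time pass: a nonce can be redeemed once
        return "already-used"
    _used.add(params["nonce"])
    return "ok"
```

Because the query pairs are sorted before signing, a client or proxy that reorders parameters does not invalidate the pass, while any change to a name or value does.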