OAuth and HTTP caching

created 23 September 2009 in links tagged headers, http, oauth and security.

Every single piece of infrastructure that people are using on the Web today was developed after the authenticate headers were designed. If people have designed a scripting host in such a fashion that the information does not make it through, that is clearly either a deliberate decision on their part or the system is so clueless that you probably don’t want to use it for any security related application in any case.

http://www.ietf.org/mail-archive/web/oauth/current/msg003...