668
edits
Changes
→BrowserID + REST
== BrowserID + REST ==
[[Image:BrowserIDREST.png]]
The idea is to standardize a point of authentication, <tt>/auth</tt>, which exchanges an assertion for an OAuth token and secret, valid for some session duration (30 minutes?). Then, subsequent API calls are made with an OAuth signature header using that token and secret. This is in so-called 2-legged OAuth mode.
== Key Wrapping ==
