[wp-xmlrpc] Any interest in OAuth?
Joe.Cheng at microsoft.com
Wed Jun 18 18:02:20 GMT 2008
> While perhaps not the ideal situation that everyone would like,
> having XML-RPC not require HTTP authentication has made it much
> easier to support in a variety of server environments.
That's a laudable goal and I agree it would've been a mistake to require HTTP auth. X-WSSE grew out of exactly the same set of constraints. Other than the fact that it requires the server to know the password, it seems like it would've been perfect for WP.
I don't claim to have a solution but at least it would be good to get to consensus about whether we even have a security problem right now.
> I'm not claiming that XML-RPC is perfect, or even the best, but it
> shouldn't be blamed for what people built on top of it.
Yes, I've been using XML-RPC to mean "The family of blogging protocols based on XML-RPC". However, since the same guy invented XML-RPC and MetaWeblog, I don't feel too bad painting with a broad brush ;)
More information about the wp-xmlrpc