I am designing a RESTful API which will always communicate over HTTPS. Is there any reason to use a scheme like OAuth when running over HTTPS? I am particularly interested whether or not aspects like HMAC-signed requests, nonces, and timestamps are useful when the entire communication is encrypted.
It seems like any authentication scheme over HTTPS is sufficient but I just wanted to get a second opinion.