On 4/23/09 9:26 PM, Brian Eaton wrote:
> A flow like this?
> 1) User visits SP, gets "identity token"
> 2) User enters "identity token" into desktop app.
> 3) Desktop app sends user back to SP again.
> 4) User approves access at SP.
> 5) User goes back to desktop to approve access.

Something like this, right, except (5) is more like "User uses desktop app."

> That's not a good user experience, nor is it necessary to fix the
> security problems in the protocol.

Perhaps not necessary, but definitely sufficient.

What folks feel is necessary in order to preserve "good user 
experience," if it is not sufficient to remove the risk, is worthless.

-- 
Dossy Shiobara              | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network   | http://panoptic.com/
   "He realized the fastest way to change is to laugh at your own
     folly -- then you can let go and quickly move on." (p. 70)
