Thanks for posting that Brian. I'm leaning towards signed approval URLs. Seems the best way to go IMO. Seems to solve the issues and also helps simplify the OAuth flow.
On Sat, Apr 25, 2009 at 2:09 PM, Brian Eaton <bea...@google.com> wrote: > > On Sat, Apr 25, 2009 at 10:46 AM, Chris Messina <chris.mess...@gmail.com> > wrote: > > I'd like to point out that anyone can organize one of these events > wherever > > they are — this need not happen in the Bay Area exclusively! > > We had a meeting in Mountain View on Friday, our notes are here: > https://oauth.pbwiki.com/OAuth-Session-Fixation-Advisory. > > (Both of the proposals we focused on have already been discussed on > this list in various forms.) > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
