On Wed, May 11, 2011 at 3:26 PM, Lodderstedt, Torsten < t.lodderst...@telekom.de> wrote:
> > > > Through registration and redirect URI validation. A native app does > > not have to impersonate, they can just register a user-agent client. > > Everything boils down to the user trusting the app. As Breno mentions, > > nothing the spec can do to help with that. > > It could recommend the authorization server not to automatically process > repeated authorizations without user consent if it cannot reliably > authenticate the client. > And, as I explained above, it would provide no additional meaningful security while at the same time eliminating the value of the user-agent profile. > > > > > Marius > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- Breno de Medeiros
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth