Hi Antonio, thanks for raising this issue and for pointing to the relevant email exchange.
Let me figure out the schedule for getting this issue resolved. I believe we could cover this topic in one of our conference calls (for which I have to distribute a poll first). I believe it is important to produce a write-up about this issue; the question is only what the appropriate format is.

Ciao
Hannes

On 11/25/2014 10:44 AM, Antonio Sanso wrote:
> hi Hannes,
>
> thanks for sharing the minutes.
>
> about
>
> ======
> John reported a security problem where a 302 redirect without
> user interaction causes security problems. Do we want to say something
> about this? Implementation guidance somewhere?
>
> Chairs: Is this written up?
>
> John: Yes, on mailing list.
>
> Justin: This might be a good example for the oauth.net article
> section because it's implementation advice, not a change to the
> protocol.
> =====
>
> I assume (maybe wrong) this might be about [0]. My question is there
> any timeline/action plan for this topic? I am more than happy if I
> could contribute or try to help out
>
> regards
>
> antonio
>
> [0] http://www.ietf.org/mail-archive/web/oauth/current/msg13367.html
>
>
> On Nov 14, 2014, at 4:05 AM, Hannes Tschofenig
> <hannes.tschofe...@gmx.net> wrote:
>
>> Hi all,
>>
>> here is a draft version of the meeting minutes:
>> http://www.ietf.org/proceedings/91/minutes/minutes-91-oauth
>>
>> Thanks to Brian Rosen for taking notes.
>>
>> Comments are welcome!
>>
>> Ciao
>> Hannes & Derek
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth