Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)

2010-05-17 Thread Eran Hammer-Lahav
Now, this is useful. I think this raises a very good point. Unless we expect the server response to always be just key/value pairs (regardless of the chosen serialization), we cannot support multiple formats. If we decide on limiting to flat key/value pairs, the value of multiple formats is s

Re: [OAUTH-WG] Indicating sites where a token is valid

2010-05-17 Thread Eran Hammer-Lahav
Why can't an image be protected with both Basic and OAuth? In this case the browser is the OAuth client. EHL From: Dick Hardt [mailto:dick.ha...@gmail.com] Sent: Sunday, May 16, 2010 11:38 AM To: Eran Hammer-Lahav Cc: Evan Gilbert; OAuth WG Subject: Re: [OAUTH-WG] Indicating sites where a token

[OAUTH-WG] Reminder: OAuth Interim Meeting, 20th May

2010-05-17 Thread Eran Hammer-Lahav
The focus of the meeting is to make progress on the draft. We should not be spending any time explaining OAuth, or giving introductions to newcomers. Reading the latest draft -05 is required for any meaningful participation. I would like to spend some time going over the draft section by section

Re: [OAUTH-WG] in-app logout?

2010-05-17 Thread Manger, James H
Yaron,
> Note that in some very popular browsers and some proxies the maximum safe URL
> size is more like 2k.
2KB is sufficient for a 4096-bit RSA signature = 4096 / 8 * 4 / 3 = 683 base64 chars -- with 1.3KB over for permissions etc.
> -Original Message-
> From: oauth-boun...@ietf.o

[OAUTH-WG] Reminder: OAuth Interim Meeting, 20th May

2010-05-17 Thread Hannes Tschofenig
This is a reminder of the OAuth interim meeting, which happens this Thursday, 20th May. The meeting venue is at Yahoo 701 First Ave Sunnyvale, CA 94089. Here is the info: http://trac.tools.ietf.org/wg/oauth/trac/wiki/InterimMeeting Be advised to read the latest OAuth specification to benefit f

Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)

2010-05-17 Thread Yaron Goland
My concerns with C are twofold. First, it's unclear to me how we will successfully reason about OAuth's data model when the three proposed formats all have mutually incompatible data models?
                   | Forms | JSON | XML
Nesting            | NO    | YES  | YES
Multi-Value Fields |

Re: [OAUTH-WG] Strict equality matching of redirect_uri

2010-05-17 Thread Brian Eaton
On Sun, May 16, 2010 at 11:20 AM, Dick Hardt wrote: > If the matching is left to an arbitrary, server defined algorithm, we lose > interop since a client implementation may make assumptions on what may be > allowed in the redirect_uri at one AS and then not be able to work with > another AS that i

[OAUTH-WG] Google’s Experimental OAuth-WRAP support

2010-05-17 Thread Eric Sachs
Google currently supports the use of the OAuth1.0/1.0a and OpenID/OAuth Hybrid protocols for accessing Google APIs (see documentation). Google is committed to providing support for OAuth2

Re: [OAUTH-WG] in-app logout?

2010-05-17 Thread Yaron Goland
Note that in some very popular browsers and some proxies the maximum safe URL size is more like 2k. > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Dick Hardt > Sent: Sunday, May 16, 2010 5:27 PM > To: Manger, James H > Cc: OAuth WG (oaut

Re: [OAUTH-WG] Strict equality matching of redirect_uri

2010-05-17 Thread Marius Scurtescu
On Mon, May 17, 2010 at 8:29 AM, Evan Gilbert wrote: > I'd like to get a standard for redirect URI matching, but think this may not > be feasible - we are leaving the callback URI registration mechanism > undefined and I've heard a number of different mechanisms that companies > want to support. >

Re: [OAUTH-WG] Strict equality matching of redirect_uri

2010-05-17 Thread Evan Gilbert
I'd like to get a standard for redirect URI matching, but think this may not be feasible - we are leaving the callback URI registration mechanism undefined and I've heard a number of different mechanisms that companies want to support. I think we should leave the matching undefined, possibly with

Re: [OAUTH-WG] Open Issues: Group Survey (respond by 5/13)

2010-05-17 Thread Kris Selden
The only reason I've heard was interoperability but it is always stated as patently obvious without a given reasoning. My assumption is this is a concern of OAuth 2 client library authors who don't want to depend on 3 parsing libraries but want to state they can inter-operate with any OAuth 2 prov

Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-05.txt

2010-05-17 Thread Prateek Mishra
Where is the meeting and at what time? [quote] This will be the last draft update before our meeting next week to allow everyone time to read it and prepare. EHL [\quote] ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinf

Re: [OAUTH-WG] [oauth] #6: Make automated self-registration of unique clients possible

2010-05-17 Thread Eve Maler
On 16 May 2010, at 3:52 PM, Dick Hardt wrote: >> Comment(by e...@…): >> >> (I agree the spec is getting pretty long. I wonder if it's possible to do >> some factoring-out of common text, e.g. regarding common features of >> flows, to mitigate this. The length is actually making me waver a bit on >