WFM.
-Original Message-
From: Brian Campbell [mailto:bcampb...@pingidentity.com]
Sent: Tuesday, August 10, 2010 9:03 AM
To: Eran Hammer-Lahav
Cc: oauth
Subject: Re: [OAUTH-WG] more than one assertion?
To be honest, I somehow overlooked that particular text - my mistake and
I was trying to understand that too (see Is user agent profile secure
thread).
The answers that I've got were:
1. It's already coded this way.
2. It's the most efficient way of doing that, because that relay.html page is
static and can be cached by a browser.
None of the answers above looks
Thank you for the explanation. I no
Am 10.08.2010 um 19:23 schrieb Luke Shepard lshep...@facebook.com:
Here are the possible URLs:
http://static.facebook.com/connect/xd_proxy.php#code=10alkjiaccess_token=lzipa3p
Luke,
Thanks for answering. Sorry, for been paranoid, but I think that you'll have
more qs in regards of your frame-based-cross-domain-secret-sharing solution.
The thing is that each time when a web app with sensitive info can be run in a
frame, security people would advice to break that
Folks-- The UMA group has produced the following I-D as input to the OAuth
discovery/registration/binding discussion. We wanted to set forth our
requirements (knowing that there may be other requirements from the wider
community) and propose some solutions that meet them. If further
+1
(1) is crystal-clear and is a must, as far as I am concerned. (2) would
definitely help as a catch-all for unauthorized requests.
Igor
Torsten Lodderstedt wrote:
Would it make sense to support two scenarios? (1) Discovery as described in my original
posting independent of functional
Yes, but you'll need a web server client for that. I'm saying that UA profile
can be POST based too.
If you want, I can write an example of both client and server side code to
explain what I mean.
-Original Message-
From: David Recordon [mailto:record...@gmail.com]
Sent: Tuesday,