Re: [OAUTH-WG] Apparent consensus on OAuth Errors Registry

2011-03-24 Thread Anthony Nadalin
Amusing like your past rants but they don't help or offer solutions. We proposed a solution in the bearer token specification, I have not seen you offer an alternative to this proposal, so you're not being constructive here and trying to reach consensus. You don't agree with our use cases and requi

Re: [OAUTH-WG] Apparent consensus on OAuth Errors Registry

2011-03-24 Thread Eran Hammer-Lahav
You should probably go read RFC 2616 again... EHL > -Original Message- > From: Anthony Nadalin [mailto:tony...@microsoft.com] > Sent: Thursday, March 24, 2011 2:15 PM > To: Eran Hammer-Lahav; Phil Hunt; Manger, James H > Cc: oauth@ietf.org > Subject: RE: [OAUTH-WG] Apparent consensus on O

Re: [OAUTH-WG] -13 4.3.2: internationalization consideration for username and password

2011-03-24 Thread Eran Hammer-Lahav
Removed. EHL From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran Hammer-Lahav Sent: Wednesday, February 16, 2011 11:03 AM To: OAuth WG Subject: [OAUTH-WG] -13 4.3.2: internationalization consideration for username and password Unless someone provides a proposed text

Re: [OAUTH-WG] Draft13: What are the possible OAuth related access errors for section 7?

2011-03-24 Thread Eran Hammer-Lahav
> -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Phil Hunt > Sent: Monday, February 21, 2011 4:49 PM > To: OAuth WG > Subject: [OAUTH-WG] Draft13: What are the possible OAuth related access > errors for section 7? > > When accessing a pro

Re: [OAUTH-WG] Indicating origin of OAuth credentials to combat login CSRF

2011-03-24 Thread Eran Hammer-Lahav
Was there any conclusion? EHL From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Manger, James H Sent: Thursday, February 24, 2011 4:09 PM To: OAuth Mailing List; web...@ietf.org Subject: [OAUTH-WG] Indicating origin of OAuth credentials to combat login CSRF Q. Should an

Re: [OAUTH-WG] Breaking change for authorization code flow?

2011-03-24 Thread Eran Hammer-Lahav
New text (moved the first half from sub section 3.2 to 3): In addition, the authorization server MAY allow unauthenticated access token requests when the client identity does not matter (e.g. anonymous client) or when the client identity is established via other means. Fo

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-13.txt

2011-03-24 Thread Eran Hammer-Lahav
I have started processing all the incoming feedback (expect responses to each note received). If you have additional feedback, I suggest it waits for the next draft (-14). However, if it is a blocking comment, please post to the list as soon as possible. EHL > -Original Message- > From

Re: [OAUTH-WG] slightly alternative preamble (was: Re: Draft -12 feedback deadline)

2011-03-24 Thread Eran Hammer-Lahav
Done. Also removed ' and the authentication of the client is based on the user-agent's same-origin policy'. EHL > -Original Message- > From: Brian Campbell [mailto:bcampb...@pingidentity.com] > Sent: Wednesday, March 02, 2011 6:05 AM > To: Eran Hammer-Lahav > Cc: Marius Scurtescu; OAuth

Re: [OAUTH-WG] draft-ietf-oauth-v2-13 comments

2011-03-24 Thread Eran Hammer-Lahav
> -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Mark Kent > Sent: Sunday, March 06, 2011 1:19 PM > 1. The error response mechanism for the authorization endpoint depends on > the response_type being requested. Assuming that the client an

Re: [OAUTH-WG] Implicit Grant Client Authentication

2011-03-24 Thread Eran Hammer-Lahav
This line was left over from an earlier draft. It's now removed. It may reappear in the security considerations section. EHL > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Craig Heath > Sent: Thursday, March 10, 2011 10:33 AM > To: oaut

Re: [OAUTH-WG] draft-ietf-oauth-v2-13 comments

2011-03-24 Thread Mark Kent
>> 3. I believe that section 5.2 is ambiguous as to the error code that should >> be >> returned from the token endpoint when the client credentials are valid, >> when the client is authorized to use the authorization code grant type in >> general, but when the authorization code supplied is not va

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-13.txt

2011-03-24 Thread Eran Hammer-Lahav
> -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Torsten Lodderstedt > Sent: Sunday, March 13, 2011 3:51 PM > section 1.4: "An authorization grant is a general term used to describe the > intermediate credentials ..." > > Since passwords

[OAUTH-WG] Fwd: Re: Implicit Grant Client Authentication - Pls. Remove

2011-03-24 Thread Ruhrstadt-Agentur Com4
Hi Craig, could you pls. remove me from the lists. I couldn't find an unsubscribe button on the site. Thx. and regards, Gabi Gabi Banfield

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-13.txt

2011-03-24 Thread Eran Hammer-Lahav
> -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Chuck Mortimore > Sent: Monday, March 14, 2011 6:10 PM > 1) I'd vote for dropping the following from 1.4.2.   In turn I'd discuss some > of > the security considerations, such as difficulty

Re: [OAUTH-WG] Fwd: Re: Implicit Grant Client Authentication - Pls. Remove

2011-03-24 Thread Peter Saint-Andre
Done. On 3/24/11 6:14 PM, Ruhrstadt-Agentur Com4 wrote: > Hi Craig, > > could you pls. remove me from the lists. > I couldn't find an unsubscribe button on the site. > > Thx. and regards, > > Gabi > > > *Gabi Banfield > * > Ruhrstadt-Agentur Com4 > > Düsseldorfer Str. 35 > > 44143 Dortmund >

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-13.txt

2011-03-24 Thread Phil Hunt
Phil phil.h...@oracle.com On 2011-03-24, at 6:35 PM, Eran Hammer-Lahav wrote: > >> -Original Message- >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >> Of Chuck Mortimore >> Sent: Monday, March 14, 2011 6:10 PM > >> 1) I'd vote for dropping the following f

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-13.txt

2011-03-24 Thread Chuck Mortimore
On Mar 24, 2011, at 6:36 PM, "Eran Hammer-Lahav" wrote: > >> -Original Message- >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >> Of Chuck Mortimore >> Sent: Monday, March 14, 2011 6:10 PM > >> 1) I'd vote for dropping the following from 1.4.2. In turn I'd

Re: [OAUTH-WG] Feedback on draft-ietf-oauth-v2-13

2011-03-24 Thread Eran Hammer-Lahav
> -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Mike Jones > Sent: Tuesday, March 15, 2011 7:52 AM > 2.1.1:  "If no valid redirection URI is available, the authorization server > SHOULD" - I don't understand why this is a SHOULD and not

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-13.txt

2011-03-24 Thread Eran Hammer-Lahav
> -Original Message- > From: Chuck Mortimore [mailto:cmortim...@salesforce.com] > Sent: Thursday, March 24, 2011 7:22 PM > To: Eran Hammer-Lahav > Cc: OAuth WG > Subject: Re: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-13.txt > > > On Mar 24, 2011, at 6:36 PM, "Eran Hammer-Lahav" > wrote: >

Re: [OAUTH-WG] Feedback on draft-ieft-oauth-v2-13.txt

2011-03-24 Thread Eran Hammer-Lahav
> -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Freeman, Tim > Sent: Tuesday, March 15, 2011 2:56 PM I think authorization, user-agent, endpoint are well understood terms among those working with HTTP which OAuth clearly requires a ce

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-13.txt

2011-03-24 Thread Eran Hammer-Lahav
> -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Justin Richer > Sent: Wednesday, March 16, 2011 4:05 PM > Preamble: > > Does this document actually obsolete 5849? Since OAuth2 is explicitly not > backwards compatible, is this WG really m