Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread David Recordon
Haven't seen any followup here but am running into people telling me that they're coming to Facebook. I'm still happy to host, just unclear since I haven't heard anything. On Apr 22, 2011, at 5:30 PM, Eran Hammer-Lahav e...@hueniverse.com wrote: +1 for Facebook. -Original Message-

Re: [OAUTH-WG] Revised OAuth Charter Text

2011-05-10 Thread Stephen Farrell
Hi Eran, all, On 09/05/11 18:01, Eran Hammer-Lahav wrote: -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Monday, May 09, 2011 4:25 AM Goals and Milestones May 2011 Submit 'HTTP Authentication: MAC

[OAUTH-WG] oauth2 implicit flow user experience

2011-05-10 Thread Doug Tangren
Hi, I'm implementing an authorization and resource server at work based on the oauth2 draft 15. A question arose about the user experience of users of an implicit client flow. I've set a one hour expiry on access tokens but now the question is should the client be forced to re-prompt the user

Re: [OAUTH-WG] Revised OAuth Charter Text

2011-05-10 Thread Eran Hammer-Lahav
I can work with that. Thanks. EHL -Original Message- From: Stephen Farrell [mailto:stephen.farr...@cs.tcd.ie] Sent: Tuesday, May 10, 2011 3:25 AM To: Eran Hammer-Lahav Cc: Hannes Tschofenig; oauth@ietf.org WG; Peter Saint-Andre (stpe...@stpeter.im); 'Adam Barth

[OAUTH-WG] IETF 81 and OSCON

2011-05-10 Thread David Recordon
Anyone else noticed that they overlap each other this year? :-/

Re: [OAUTH-WG] HTTP MAC Authentication Scheme

2011-05-10 Thread Justin Richer
But that's so much work. :-P The ease of using a throwaway signed URL as a self-contained information unit shouldn't be ignored. It requires exactly zero client-side code and can survive all kinds of HTML repackaging and transit easily. -- Justin On Mon, 2011-05-09 at 22:11 -0400, Peter

Re: [OAUTH-WG] HTTP MAC Authentication Scheme

2011-05-10 Thread Eran Hammer-Lahav
It is a compelling use case, but one that I do not intend on solving within the MAC draft for now. Getting MAC cookies adoption is much higher on my list and anything that makes the specification longer and more complex stands in that way. However, feel free to propose a mechanism and we can

Re: [OAUTH-WG] MAC request URI normalization (query parameters)

2011-05-10 Thread Justin Richer
These could be solved and the whole normalization process thrown out by just restating the string that you signed. It's then up to the server to decide if they want to reparse and validate the request or not, but it gets around url rewriter problems, which I've had definite trouble with in my

Re: [OAUTH-WG] IETF 81 and OSCON

2011-05-10 Thread Peter Saint-Andre
On 5/10/11 8:34 AM, David Recordon wrote: Anyone else noticed that they overlap each other this year? :-/ Yeah, it's a bummer. Peter -- Peter Saint-Andre https://stpeter.im/

Re: [OAUTH-WG] HTTP MAC Authentication Scheme

2011-05-10 Thread Adam Barth
On Mon, May 9, 2011 at 7:11 PM, Peter Wolanin peter.wola...@acquia.com wrote: What about using the cookie header? We have a sha1-HMAC authentication scheme where we are passing the HMAC, nonce, timestamp as parts of the cookie header since scripting languages that cannot access arbitrary

Re: [OAUTH-WG] oauth2 implicit flow user experience

2011-05-10 Thread Marius Scurtescu
On Tue, May 10, 2011 at 6:25 AM, Doug Tangren d.tang...@gmail.com wrote: Hi, I'm implementing an authorization and resource server at work based on the oauth2 draft 15. A question arose about the user experience of users of an implicit client flow. I've set a one hour expiry on access

Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread David Robinson
Have the plans for the interim meeting been nailed down - including a rough agenda ? (I heard discussion on closing the open issues...anything else that will be discussed ?) Is this still being held at Facebook, 9-6 and were the web conference/dial in numbers arranged ?

Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread Barry Leiba
On Tue, May 10, 2011 at 3:00 AM, David Recordon record...@gmail.com wrote: Haven't seen any followup here but am running into people telling me that they're coming to Facebook. I'm still happy to host, just unclear since I haven't heard anything. Yes, so sorry about that. The chairs would be

Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread David Recordon
On Tue, May 10, 2011 at 11:17 PM, Barry Leiba barryle...@computer.org wrote: If you post the venue details to this thread, when you have them, I'll update the wiki: http://trac.tools.ietf.org/wg/oauth/trac/wiki/InterimMeeting Sure, it's 1050 Page Mill Road in Palo Alto and then head to the

Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread Barry Leiba
If you post the venue details to this thread, when you have them, I'll update the wiki: http://trac.tools.ietf.org/wg/oauth/trac/wiki/InterimMeeting Sure, it's 1050 Page Mill Road in Palo Alto and then head to the lobby of building 1. I have updated the wiki. Barry

Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread Barry Leiba
Sure, it's 1050 Page Mill Road in Palo Alto and then head to the lobby of building 1. I have updated the wiki. Hannes has also created an Eventbrite event for people to sign up at: http://oauth-interim.eventbrite.com/ It's very important, for room planning purposes (and lunch, too) that

Re: [OAUTH-WG] oauth2 implicit flow user experience

2011-05-10 Thread Lodderstedt, Torsten
Hi Marius, wrt auto-approval: how is the authorization server supposed to validate the client's identity in a reliable way? Otherwise another application (using the id of the legitimate client) could abuse the authorization previously approved by the user as long as the session with the