I plan to drop support for the bodyhash parameter in the next draft based on
bad implementation experience. Even with a simple text body, UTF encoding has
introduced significant issues for us. The current draft does not work using
simple JS code between a browser and node.js even when both use the

Thanks for doing this.
EHL
On Jul 29, 2011, at 12:08, "Brian Campbell" wrote:
> Following up from
> http://www.ietf.org/mail-archive/web/oauth/current/msg06949.html a few
> weeks ago, I've submitted a new I-D to establish an IETF URN
> Sub-Namespace for OAuth (urn:ietf:params:oauth:*:*). Eran

I think it is intuitively similar to clickjacking, but the actual
exploit methods and countermeasures are different (iframes vs. request
spoofing, external browsers vs. nonce). It actually bears similarities
to CSRF, only from the authorization server's point of view.
I've taken the liberty to com

Following up from
http://www.ietf.org/mail-archive/web/oauth/current/msg06949.html a few
weeks ago, I've submitted a new I-D to establish an IETF URN
Sub-Namespace for OAuth (urn:ietf:params:oauth:*:*). Eran balked at
putting this in the core spec so it made sense to produce a separate
draft for i

That's correct. Murray is the liaison and he will provide the response of the
liaison to the OMA.
I am the liaison shepherd from the Internet Architecture Board.
On Jul 29, 2011, at 2:41 AM, SM wrote:
> Hi Igor,
> At 10:39 PM 7/20/2011, Igor Faynberg wrote:
>> the communication can emanate dir

I think this threat is similar to clickjacking
(http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-10.13).
Could we incorporate it into this section (w/o delaying the spec's
release process)?
regards,
Torsten.
On 26.07.2011 19:29, Niv Steingarten wrote:
Would it be possible to cons

Hi all,
we would like to bring this document forward as an informational RFC and
would like to put it on WGLC soon. In preparation we plan to publish
another revision. Although we got considerable feedback so far, we feel
that especially section 5 could benefit from additional reviews.
So we