I believe we have full consensus on this approach.
EHL
From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net]
Sent: Tuesday, August 23, 2011 11:06 PM
To: Eran Hammer-Lahav
Cc: OAuth WG (oauth@ietf.org)
Subject: Re: [OAUTH-WG] Auth Code Swap Attack
making CSRF prevention a MUST and
I believe we have full consensus on this approach.
I agree, and I will close the issue.
Barry, happy chair
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
#23: Auth Code Swap Attack (CSRF)
Changes (by barryleiba@…):
* status: new => closed
* resolution: => fixed
Comment:
Consensus is to make CSRF prevention a MUST and to recommend the state
parameter as an implementation mechanism. Text will go into version -21.
--
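The resolution above recommends the state parameter as the CSRF-prevention mechanism. The following is an added example, not part of the thread or of the draft text, showing one way a client can bind state to the user's session and check it on the redirect. The endpoint, client id, redirect URI, session dict and function names are all hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholder values (assumptions, not taken from the thread).
AUTHZ_ENDPOINT = "https://as.example/authorize"
CLIENT_ID = "example-client"
REDIRECT_URI = "https://client.example/cb"


def begin_authorization(session: dict) -> str:
    """Bind a fresh, unguessable state value to this user's session and
    return the authorization request URL that carries it."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHZ_ENDPOINT}?{query}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Return the authorization code only if the callback's state matches
    the value stored for this session; otherwise refuse to continue."""
    params = parse_qs(urlparse(callback_url).query)
    # pop() makes the stored value single use, so a replayed callback fails.
    expected = session.pop("oauth_state", None)
    states = params.get("state", [])
    if expected is None or len(states) != 1:
        raise PermissionError("no pending request or missing/duplicate state")
    # Constant-time comparison of the stored and received values.
    if not hmac.compare_digest(expected.encode(), states[0].encode()):
        raise PermissionError("state does not belong to this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("missing or duplicate authorization code")
    return codes[0]
```

A code delivered to a session that did not start the request is rejected before it is ever exchanged at the token endpoint, because that session holds a different state value or none at all.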
Bravo! This has been project-managed masterly.
Igor
On 8/24/2011 8:32 AM, Barry Leiba wrote:
On Mon, Aug 22, 2011 at 1:53 PM, Barry Leiba <barryle...@computer.org> wrote:
I intend to add the following to the response to this item:
The working group understands that client code needs to know