Thanks Eran, can't be an easy job :)
On 23 July 2012 18:20, John Bradley ve7...@ve7jtb.com wrote:
I also want to thank Eran for all of his work.
We would not have OAuth without his contributions.
John B.
On 2012-07-23, at 1:14 PM, Torsten Lodderstedt wrote:
+1
Peter Saint-Andre
I'm gonna ditch the (lengthy) reply I was drafting and agree with the below.
Personally, my communication with the OAuth WG has been spot on. Warm
welcome, open minds
and a very good process to getting my requirements/concerns heard and
pragmatic change enacted.
All I saw here was foot stomping
On 7 September 2011 20:24, Michael Thomas m...@mtcc.com wrote:
On 09/07/2011 12:12 PM, Eran Hammer-Lahav wrote:
[more browbeating elided]
In fact, you guys have convinced me that OAuth gives inferior protection
at
considerable expense for all concerned.
an irresponsible and serious
I agree. This is like saying SSL has an issue because it doesn't stop
keyloggers.
Not an oauth issue.
sent from my android phone
On Sep 6, 2011 8:14 PM, Eran Hammer-Lahav e...@hueniverse.com wrote:
You are one making the argument that no one should be installing apps.
There is no known way to
I'm pretty sure anyone charged with implementing the oauth protocol should
be able to make a fairly informed judgement about what oauth does and
doesn't do and the implications of that scope. Like all security, it is
about layers ... And oauth isn't all layers. That's obvious.
I don't think
Perhaps a solution is to push OAuth.net as more of an everything you ever
wanted to know about OAuth
and direct non-core issues there for a page of good content to be created.
This way the RFC can focus on the
issue at hand and broader scope can be taken care of without having a 40+
thread on
will confuse the purpose and scope of OAuth, when anonymity is a restriction
on some system
using OAuth.
I don't see OAuth as being any more a system with anonymity properties than
say, my web browser.
Depends on how you use it; entirely.
Aiden Bell
On 12 August 2011 16:10, Torsten Lodderstedt tors
I have been following this thread with my jaw slightly open...
As an implementor, the purpose of the refresh token I felt was clear in 1.5.
I just don't see the anonymity
slant here at all ... any more than any other part of the spec. It all
depends on what your service/api or
whatever allows for
Hi,
I am currently implementing the device profile described at
http://tools.ietf.org/html/draft-recordon-oauth-v2-device-00
Wanted to check this hadn't been superseded by any other document or
protocol
though I did notice the Google implementation is in-line with this document.
Even though the
*From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf Of* Aiden Bell
*Sent:* Wednesday, July 20, 2011 12:04 PM
*To:* OAuth WG
*Subject:* Re: [OAUTH-WG] OAuth v2-18 comment on state parameter
See below for revision, tried to follow
in the draft setup the premise first
and give a quick explanation of the attack…
EHL
*From:* Aiden Bell [mailto:aiden...@gmail.com]
*Sent:* Wednesday, July 20, 2011 11:38 AM
*To:* Eran Hammer-Lahav; OAuth WG
*Subject:* Re: [OAUTH-WG] OAuth v2-18 comment on state parameter
if this is unsuitable, I'm just looking at it as an implementor
and questioning my own assumptions,
then trying to make the text clearer. The validity of my assumptions isn't
presumed.
Thanks,
Aiden Bell
On 19 July 2011 07:21, Eran Hammer-Lahav e...@hueniverse.com wrote:
I have tried to accommodate both the use
This seems clearer Eran. I don't blame you for not liking collection, I
was searching for a term without
too much theoretical background; Your revision reads much better.
I'm happy with it. This seems like a good alternative now if parsing is the
consensus.
Thanks again,
Aiden
On 19 July 2011
code_and_token.
---
Thanks and apologies if that was all gibberish or I missed something.
Aiden Bell
On 15 July 2011 18:44, Eran Hammer-Lahav e...@hueniverse.com wrote:
I was only arguing against the proposed text which doesn’t accomplish what
you want from a normative perspective. I can easily address