Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification draft -06

2011-07-10 Thread Ian McKellar
t-ietf-oauth-v2-bearer.xml (will > point to new versions as they are posted) > > · http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion > repository, with html, pdf, txt, and html versions available) > > > >   

Re: [OAUTH-WG] best practices for storing access token for implicit clients

2011-07-11 Thread Ian McKellar
arius >> ___ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > ___ > OAuth mailing list > OAuth@ietf.org > https://w

Re: [OAUTH-WG] best practices for storing access token for implicit clients

2011-07-11 Thread Ian McKellar
__ >> > OAuth mailing list >> > OAuth@ietf.org >> > https://www.ietf.org/mailman/listinfo/oauth >> ___ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > > > _

Re: [OAUTH-WG] How do we deal with unrecognized elements in requests and responses?

2010-06-28 Thread Ian McKellar
on all > the ways that the ignore rule can go wrong if extensions aren’t handled > carefully. > > > >     Thoughts? > > > >     Thanks, > > > >     Yaron > > ______

Re: [OAUTH-WG] JSON parsing in the browser (was: Proposal for single JSON response format)

2010-06-28 Thread Ian McKellar
e the kind of developer who will start evaling strings send from the server then there's not much hope of their application being secure, regardless of OAuth. Ian -- Ian McKellar <http://ian.mckellar.org/> i...@mckellar.org: email | jabber | m

Re: [OAUTH-WG] Security of user agent clients (WAS: End user auth response code-and-token's scope parameter)

2010-07-02 Thread Ian McKellar
, scope, and expires_in to the redirection URI fragment using >>> theapplication/x-www-form-urlencoded format as defined by... >>> >>> >>> >>> Since the scope applies equally to both the code and access_token >>> parameters, it seems that scope shoul

Re: [OAUTH-WG] Security of user agent clients (WAS: End user auth response code-and-token's scope parameter)

2010-07-03 Thread Ian McKellar
t; > EHL > > > > From: Andrew Arnott [mailto:andrewarn...@gmail.com] > Sent: Friday, July 02, 2010 7:24 PM > To: Eran Hammer-Lahav > Cc: Ian McKellar; Marius Scurtescu; OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] Security of user agent clients (WAS: End user auth