Hi Craig, could you pls. remove me from the lists. I coudn't find a unsubscribe-buton on the site. Thx. and regards, Gabi Gabi Banfield
Ruhrstadt-Agentur Com4 Düsseldorfer Str. 35 44143 Dortmund Mobil: 0151.22685714 Fax: 0321.21324606 Web: agentur-com4.com Mail: banfi...@agentur-com4.com
Amtsgericht Dortmund HRA 16316 UStNr:
317/5702/0638 Inhaber Ruhrstadt-Agentur Com4 e.K.: Gabi Banfield -------- Original-Nachricht --------
This line was left over from an earlier draft. It's now removed. It may reappear in the security considerations section. EHL > -----Original Message----- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Craig Heath > Sent: Thursday, March 10, 2011 10:33 AM > To: oauth@ietf.org > Subject: [OAUTH-WG] Implicit Grant Client Authentication > > I'm sure this has been gone over before, so apologies for that, but I haven't > found a clear answer (is there a better way than just Google to search the > mailing list archive, by the way?) > > I've been puzzling over this text in 4.2: "... the authentication of the client is > based on the user-agent's same-origin policy." > > I get that the client can't be provisioned with secret credentials and that's > why we're using this flow, but I'm puzzled by the implication that it might still > be possible to authenticate the client. Isn't the point of this flow that you > can't? > > Specifically, how would you verify that the request is coming from a user > agent that even has a same-origin policy? > > Thanks! > > - Craig. > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth |
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth