Hi Craig,

could you pls. remove me from the lists.
I coudn't find a unsubscribe-buton on the site.

Thx. and regards,

Gabi


Gabi Banfield

Ruhrstadt-Agentur Com4

Düsseldorfer Str. 35

44143 Dortmund

Mobil: 0151.22685714

Fax:    0321.21324606

Web:   agentur-com4.com

Mail:   banfi...@agentur-com4.com


Amtsgericht Dortmund HRA 16316

UStNr: 317/5702/0638

Inhaber Ruhrstadt-Agentur Com4 e.K.: Gabi Banfield

LinkedinXingWordpressBloggerBlog RSSTwitterTwitterTwitterdel.icio.usDiggFacebookYouTubeTypePadTumblrStumbleuponMySpaceGoogleSlideShareBebo


-------- Original-Nachricht --------
Betreff: Re: [OAUTH-WG] Implicit Grant Client Authentication
Datum: Thu, 24 Mar 2011 15:46:37 -0700
Von: Eran Hammer-Lahav <e...@hueniverse.com>
An: Craig Heath <craig.he...@wacapps.net>, "oauth@ietf.org" <oauth@ietf.org>


This line was left over from an earlier draft. It's now removed. It may reappear in the security considerations section.

EHL

> -----Original Message-----
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Craig Heath
> Sent: Thursday, March 10, 2011 10:33 AM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] Implicit Grant Client Authentication
> 
> I'm sure this has been gone over before, so apologies for that, but I haven't
> found a clear answer (is there a better way than just Google to search the
> mailing list archive, by the way?)
> 
> I've been puzzling over this text in 4.2: "... the authentication of the client is
> based on the user-agent's same-origin policy."
> 
> I get that the client can't be provisioned with secret credentials and that's
> why we're using this flow, but I'm puzzled by the implication that it might still
> be possible to authenticate the client.  Isn't the point of this flow that you
> can't?
> 
> Specifically, how would you verify that the request is coming from a user
> agent that even has a same-origin policy?
> 
> Thanks!
> 
> - Craig.
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to