> p.11 What is the meaning of "... the authentication of the client is based
> on the user-agent's same-origin policy." ? As far as I know, this policy
> restricts the hosts the JavaScript client is allowed to interact with. How
> does this "feature" authenticate the client on the authoriza
-----Original Message-----
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Torsten Lodderstedt
Sent: Tuesday, August 24, 2010 3:42 PM
> p.11 What is the meaning of "... the authentication of the client is based on
> the user-agent's same-origin policy." ? As far as I
stedt
Sent: Saturday, August 28, 2010 11:38 AM
To: David Recordon
Cc: OAuth WG
Subject: Re: [OAUTH-WG] comments/questions on draft 10
I think a bit more than just defining the delimiter is required in order to
make things work as you described (in an interoperable way).
5.2.1 states "The "s
On 28.08.2010 20:48, David Recordon wrote:
On Sat, Aug 28, 2010 at 11:38 AM, Torsten Lodderstedt
<tors...@lodderstedt.net> wrote:
I think a bit more than just defining the delimiter is required in
order to make things work as you described (in an interoperable way).
5.2.1
On Sat, Aug 28, 2010 at 11:38 AM, Torsten Lodderstedt <
tors...@lodderstedt.net> wrote:
> I think a bit more than just defining the delimiter is required in order
> to make things work as you described (in an interoperable way).
>
> 5.2.1 states "The "scope" attribute is a space-delimited list of
I think a bit more than just defining the delimiter is required in
order to make things work as you described (in an interoperable way).
5.2.1 states "The "scope" attribute is a space-delimited list of scope
values indicating the required scope of the access token for accessing
the requested r
Giving scope basic structure (space delimitated) allows any app developer to
store a list of scopes which they have and compare any desired scopes to
that list. While the meaning of each scope is not standardized, it allows
for this sort of simple operation on scope. 5.2.1 also defines how a
protec
--- p.6 terminology/authorization server
" A server capable of issuing tokens after successfully
authenticating the resource owner and obtaining authorization.
The authorization server may be the same server as the resource
server, or a separate entity. "
Based