This is completely meaningless.

This list is all vendor-specific (including OAuth 1.0 which lacks any form of
discovery) which means libraries can easily hard-code the sites allowed into 
their library. Also, because there really isn't any authentication challenge 
involved, there is no issue with unfamiliar servers.

On the other hand, browsers encounter Cookie and Basic authentication requests 
all the time, and always with unfamiliar servers. That's the relevant example.

EHL



> -----Original Message-----
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Brian Eaton
> Sent: Tuesday, May 11, 2010 9:18 AM
> To: Manger, James H
> Cc: OAuth WG (oauth@ietf.org)
> Subject: Re: [OAUTH-WG] sites with wildcard
> 
> On Mon, May 10, 2010 at 5:31 PM, Manger, James H
> <james.h.man...@team.telstra.com> wrote:
> > In general, the web is about following links. Clients need to know
> > when following a link crosses a security boundary. Cookies provide
> > this; Basic provides this; Digest provides this; OAuth needs this too.
> 
> Notably absent from the list of protocols that need this:
> - AuthSub
> - ClientLogin
> - BBAuth
> - FBAuth
> - AOL OpenAuth
> - OAuth 1.0
> 
> Cheers,
> Brian
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth