Hi all,

OAuth provides only weak security when used with unregistered applications. OTOH compulsory registration is a bad idea: imagine a situation where a social site becomes dominant, social login via that site becomes the de facto authentication standard on the Web, every application has to register with the site, and the site can kill any application by revoking its registration. I've written a paper that proposes a solution.

Thanks in advance for any comments.

-- Francisco
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth