Hi Igor, 

the writeup that Barry provided is not meant to be part of the OAuth core 
draft. Instead, it explores the bigger OAuth security story. 

We certainly do not have an endless amount of time at the face-to-face meeting. 
So, Barry's presentation will be put at the end of the agenda and, if there is 
time, he could introduce us to the work. 

Ciao
Hannes

On Mar 28, 2011, at 10:36 AM, Igor Faynberg wrote:

> 
> It appears to me that the first part of the draft is an OAuth tutorial, while 
> the last part is written in "shoulds." While a discussion of the user 
> interface issues is interesting, I strongly believe that it is out of scope 
> of OAuth.  Other than that, I don't see anything that stands out as new or 
> has not been discussed in the past year. 
> Specifically, I don't see any references to the work that Torsten and Co. 
> have done in the past six months, nor to the discussions that we had had on 
> the list.
> 
> Given a ridiculously short time we have for the OAuth meeting, I wish that we 
> don't spend any of it reinventing the wheel. I would like to see any 
> discussion on security SPECIFICALLY reference the existing document and 
> address its perceived gaps.
> 
> Perhaps Barry could do that in the next three days?
> 
> Igor
> 
> Barry Leiba wrote:
>> I have also just submitted this draft:
>> http://tools.ietf.org/html/draft-leiba-oauth-additionalsecurityconsiderations
>> 
>> Hannes has asked me to talk about it for a few minutes in the OAuth
>> meeting on Friday, and I plan to.
>> 
>> Barry
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>  
