On 09/07/2011 10:22 AM, Phil Hunt wrote:
> You should read the threat model document. This document has more editorial on these kinds of issues.

This seems reasonable to me, and thank you so much for departing from what seems to be standard working group mode by dealing with this like an adult. It seems to me that there are some usability problems that, while not being unique to oauth, really aren't that much like what we usually run into with on-the-wire protocols. Documents in the security area have typically not dealt with usability issues even when, perhaps, they should, given their impact on how secure a technology is in the field. Getting that into a threat model document sounds about right to me.

Melinda

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth