Ah, now I got it. Thanks! On 2011/11/11, at 22:59, Torsten Lodderstedt wrote:
> Hi, > > you are right, iframe is not the correct techniquehere. Browsers are embedded > into a native UI using browser widget or something similar. I think "... > embedding a browser into the application's user interface when requesting > end-user authorization ..." would fit better. > > regards, > Torsten. > > Am 11.11.2011 09:23, schrieb matake@gmail: >> Hi all, >> >> I'm now translating OAuth 2.0 Core& Bearer specs into Japanese with my >> friends. >> I have one question on section 10.3 in Core spec. >> >> "To prevent this form of attack, native applications SHOULD use external >> browsers instead of embedding browsers in an iframe when requesting end-user >> authorization." >> >> Here, what do you mean for "in an iframe"? >> I thought it means "embedded browser is in an iframe", but I can't imagine >> it can be.. >> >> Thanks in advance >> >> -- >> nov matake >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
