Thanks Hannes, Since I wasn't able to give an intro during the meeting today, I'd like to share a little more context about this here as well.
At the Internet Identity Workshop in Mountain View last week, I led a session to collect feedback on recommendations for OAuth for browser based apps. During the session, we came up with a list of several points based on the collective experience of the attendees. I then tried to address all those points in this draft. The goal of this is not to specify any new behavior, but rather to limit the possibilities that the existing OAuth specs provide, to ensure a secure implementation in browser based apps. Thanks in advance for your review and feedback! Aaron Parecki aaronpk.com On Tue, Nov 6, 2018 at 10:55 AM Hannes Tschofenig <hannes.tschofe...@arm.com> wrote: > Hi all, > > Today we were not able to talk about > draft-parecki-oauth-browser-based-apps-00, which describes "OAuth 2.0 for > Browser-Based Apps". > > Aaron put a few slides together, which can be found here: > > https://datatracker.ietf.org/meeting/103/materials/slides-103-oauth-sessa-oauth-2-for-browser-based-apps-00.pdf > > Your review of this new draft is highly appreciated. > > Ciao > Hannes > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- ---- Aaron Parecki aaronparecki.com @aaronpk <http://twitter.com/aaronpk>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
