(should I start a new thread instead of making multiple replies to this message?)
Re: Sec Typo/grammar in: "First- party apps are applications where by the same organization that provides the API being accessed by the application." Suggested rewrite: "First- party apps are applications where the same organization provides both the api and the application." On Mon, Jul 8, 2019 at 8:44 PM Leo Tohill <leotoh...@gmail.com> wrote: > regarding 6.1. Apps Served from a Common Domain as the Resource Server > > Isn't this recommendation neglecting some benefits or use cases of > Oauth? > > * An application that doesn't collect user credentials is an app that > doesn't need to be audited for problems such as password leakage into log > files. > * Applications that offload authentication to a identity server can > delegate to that server the complexities of MFA, password recovery,and the > like. Of course these CAN be done in the app, but isn't it sometimes > better to centralize those features in a identity server? Especially if > the organization has multiple apps that require these features. > > > I would soften " it is likely a better decision" to "it may be a better > decision". > > Leo > > > On Mon, Jul 8, 2019 at 7:05 PM Aaron Parecki <aa...@parecki.com> wrote: > >> Hi all, >> >> I've just uploaded a new version of oauth-browser-based-apps in >> preparation for the meeting in Montreal. >> >> https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-02 >> >> This draft incorporates much of the feedback I've received over the last >> couple months, as well as what we discussed at the last meeting in Prague. >> >> The primary change is a significant rewrite and addition of Section 6 to >> highlight the two common deployment patterns, a SPA with and without a >> dynamic backend. >> >> Please have a look and let me know what you think. I have a slot in the >> agenda for Montreal to present on this as well. >> >> Thanks! >> >> ---- >> Aaron Parecki >> aaronparecki.com >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
