On Thu, Aug 12, 2010 at 11:19 AM, Chuck Mortimore
wrote:
> I think it would be reasonable to loosen the language to reflect that the
> subject is who access will be granted to. It may or may not be the
> resource owner, I agree.
Any thoughts on what that would look like in the spec?Somethin
Given that, would you strongly object to these proposals being written
in a separate document than the core spec? The device flow is a good
example of where we're doing this. We really think that it will be
useful, are working on implementations, but it hasn't yet been proven
in production.
On Thu
I generally agree more with Chuck, David and Brain E than I don't.
But I do think that someone will find a pragmatic reason for > 1
assertion eventually and I think the proposal earlier in this thread
to allow for multiple occurrences of the assertion parameter in the
core spec will make that easie
On Thu, Aug 12, 2010 at 12:36 PM, David Recordon wrote:
> I've only been half following the recent assertion threads for this
> exact reason. I don't understand how these proposals are going to be
> used and worry about any additional complexity added to the spec.
Likewise.
__
I've only been half following the recent assertion threads for this
exact reason. I don't understand how these proposals are going to be
used and worry about any additional complexity added to the spec.
--David
On Thu, Aug 12, 2010 at 1:24 PM, Chuck Mortimore
wrote:
> Personally, I’d first like
Personally, I'd first like to see more concrete use-cases of how multiple
assertions are going to be used in practice. Tony alluded to some abstract
use-cases, but fuller descriptions would probably help everyone out.
-cmort
On 8/10/10 9:15 AM, "Eran Hammer-Lahav" wrote:
WFM.
> -Origi
On 8/9/10 9:30 AM, "Brian Campbell" wrote:
I received some feedback on the SAML profile from a cross posting on
the OASIS SSTC (SAML) list. Links to the thread topic index are
below[1], if you are interested, but I'll try and summarize the two
primary issues here.
First, concern was expresse
Hi Oleg -
"There are two kinds of information here: thirdparty.com state (e.g. list of
selected photos on Facebook) and access token, which is really a
printing.com
secret. If you store access token in a printing.com cookie you don't need to
share it with thirdparty.com."
The goal of the flow is
- Original Message
> From: Brian Eaton
> To: Oleg Gryb
> Cc: Naitik Shah ; OAuth WG
> Sent: Wed, August 11, 2010 11:03:12 AM
> Subject: Re: [OAUTH-WG] Quick survey: fragment vs. query
>
> On Tue, Aug 10, 2010 at 11:00 AM, Oleg Gryb wrote:
> > The thing is that each time when a we
Hi (Fellow) OAuthers,
Reading the spec over, I noticed the example in 5.2 says
WWW-Authenticate: OAuth realm='Example Service', error='expired-token'
but the syntax above it seems to want
WWW-Authenticate: OAuth realm='"Example Service" error="expired-token"
also, expired-token isn't a val
Hi Christian,
thanks for clarification.
Regards, Stefanie
Am 11.08.2010 18:22, schrieb Christian Scholz:
Hi!
Am 11.08.10 16:36, schrieb Stefanie Dronia:
Hallo Eve,
I read your proposal, too. Thanks for providing it.
Some questions:
# first part of chapter 2
# enchanced OAuth RS, A
11 matches
Mail list logo
