Re: [OAUTH-WG] Revised Charter

2011-04-27 Thread Eran Hammer-Lahav
Thanks for getting this started. > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Blaine Cook > Sent: Wednesday, April 27, 2011 2:37 PM > Description of Working Group > > The Open Web Authentication (OAuth) protocol allows a user to grant

Re: [OAUTH-WG] Revised Charter

2011-04-27 Thread Stephen Farrell
FWIW, I'd have no problem proposing a re-charter along these lines to the IESG, if that's what the WG want. Thanks to the chairs for putting it together. S. On 27/04/11 22:36, Blaine Cook wrote: > Hi all, > > Now that the Easter holiday is over, please review the following > revised OAuth char

[OAUTH-WG] Revised Charter

2011-04-27 Thread Blaine Cook
Hi all, Now that the Easter holiday is over, please review the following revised OAuth charter and provide feedback by May 5th (one week from today). Thanks! Description of Working Group The Open Web Authentication (OAuth) protocol allows a user to grant a third-party Web site or application ac

Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Anders Rundgren
Hi Axel et al. Thanx for mentioning my WebPKI.org work :-) I have personally not taken the JS / DOM route because in the case you have a process that needs to be secured beyond a single request/response-pair you tend to run into difficulties combining trusted and untrusted code. I.e. all my curre

Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Hannes Tschofenig
> I did find it amusing that the paper defines bearer token as a 'cryptographic > approach'. I guess no crypto is in its way an approach :-). Well. It uses TLS as the underlying primitive. As such, it is a cryptographic mechanism. I know that we have different views about the pros & cons of the

Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Axel.Nennker
Hi Hannes, A) Authentication Mechanisms Anders Rundgren is a caller in the desert for this for years: http://webpki.org/ B) Authorization Interface I think this is the point closest to oauth and that needs the most work. C) Standardized JavaScript Crypto Library Support This was discussed e.g. in

Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Hannes Tschofenig
Fixed it. Thanks for pointing this out. Ciao Hannes Ps: Did we miss any technical points that would be useful to bring forward to the Web browser community to improve the security of OAuth? On Apr 27, 2011, at 6:50 PM, Igor Faynberg wrote: > Good eye! (And an excellent point.) > > Igor >

Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Igor Faynberg
Good eye! (And an excellent point.) Igor Paul Madsen wrote: but you are describing the protocol in the paper, not the group A reference like 'The Open Web Authentication (OAuth) protocol [1]' to [1] E. Hammer-Lahav, D. Recordon, and D. Hardt, “The OAuth 2.0 Authorization Protocol,” is go

Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Eran Hammer-Lahav
This is true. There is no Open Web Authentication protocol. Only a WG. EHL > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Paul Madsen > Sent: Wednesday, April 27, 2011 8:41 AM > To: Hannes Tschofenig > Cc: oauth@ietf.org > Subject: Re: [

Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Paul Madsen
but you are describing the protocol in the paper, not the group A reference like 'The Open Web Authentication (OAuth) protocol [1]' to [1] E. Hammer-Lahav, D. Recordon, and D. Hardt, “The OAuth 2.0 Authorization Protocol,” is going to confuse On 4/27/11 11:35 AM, Hannes Tschofenig wrote:

Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Torsten Lodderstedt
On 27.04.2011 17:35, Hannes Tschofenig wrote: In some sense you are right. The problem is just that this is the name of the group :-) http://datatracker.ietf.org/wg/oauth/charter/ Maybe we should adjust the name with the rechartering process. I think we should. regards, Torsten. On Apr 27

Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Hannes Tschofenig
In some sense you are right. The problem is just that this is the name of the group :-) http://datatracker.ietf.org/wg/oauth/charter/ Maybe we should adjust the name with the rechartering process. On Apr 27, 2011, at 6:17 PM, Paul Madsen wrote: > 'Open Web Authentication protocol'? authentic

Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Eran Hammer-Lahav
It's a relic from the formation of the working group. I did find it amusing that the paper defines bearer token as a 'cryptographic approach'. I guess no crypto is in its way an approach :-). EHL > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Beha

Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Dave Nelson
Hi Hannes, One comment immediately in the title. Isn't OAuth short for Open Authorization, not Authentication? Regards, Dave David B. Nelson Sr. Software Architect Elbrys Networks, Inc. www.elbrys.com +1.603.570.2636

Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Paul Madsen
'Open Web Authentication protocol'? authentication? On 4/27/11 11:06 AM, Hannes Tschofenig wrote: Hi guys, Barry, Blaine and I compiled a short position paper for the upcoming W3C identity in the browser workshop. Here is the call for participation: http://www.tschofenig.priv.at/svn/w3c-bro

[OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

2011-04-27 Thread Hannes Tschofenig
Hi guys, Barry, Blaine and I compiled a short position paper for the upcoming W3C identity in the browser workshop. Here is the call for participation: http://www.tschofenig.priv.at/svn/w3c-browser-identity/ Here is the position paper: http://www.tschofenig.priv.at/svn/w3c-browser-identity/o