Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread Eran Hammer-Lahav
This is an official interim working group meeting which goes by all the normal IETF rules of such meetings and is open for all.

EHL

From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Doug Tangren
Sent: Tuesday, May 10, 2011 11:38 PM
To: Barry Leiba
Cc: OAuth WG
Subject: R

Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread David Recordon
Yes and yes. Just please add (remote) to your name on the wiki page.

On Wed, May 11, 2011 at 8:38 AM, Doug Tangren wrote:
> 2 questions?
> 1. Would there be a conference line one could dial into remotely? (I'm in
> New York City)
> 2. Is this open to implementors of the spec in addition to it's a

Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread Doug Tangren
2 questions?
1. Would there be a conference line one could dial into remotely? (I'm in New York City)
2. Is this open to implementors of the spec in addition to its authors? (I'm currently implementing draft 15 as developer @ meetup.com)

-Doug Tangren
http://lessis.me

Re: [OAUTH-WG] oauth2 implicit flow user experience

2011-05-10 Thread Lodderstedt, Torsten
Hi Marius, wrt "auto-approval": how is the authorization server supposed to validate the client's identity in a reliable way? Otherwise another application (using the id of the legitimate client) could abuse the authorization previously approved by the user as long as the session with the auth

Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread Barry Leiba
>> Sure, it's 1050 Page Mill Road in Palo Alto and then head to the lobby
>> of building 1.
>
> I have updated the wiki.

Hannes has also created an Eventbrite event for people to sign up at: http://oauth-interim.eventbrite.com/ It's very important, for room planning purposes (and lunch, too) t

Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread Barry Leiba
>> If you post the venue details to this thread, when you have them, I'll
>> update the wiki:
>>    http://trac.tools.ietf.org/wg/oauth/trac/wiki/InterimMeeting
>
> Sure, it's 1050 Page Mill Road in Palo Alto and then head to the lobby
> of building 1.

I have updated the wiki.

Barry

Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread David Recordon
On Tue, May 10, 2011 at 11:17 PM, Barry Leiba wrote:
>
> If you post the venue details to this thread, when you have them, I'll
> update the wiki:
>    http://trac.tools.ietf.org/wg/oauth/trac/wiki/InterimMeeting

Sure, it's 1050 Page Mill Road in Palo Alto and then head to the lobby of building 1

Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread Barry Leiba
On Tue, May 10, 2011 at 3:00 AM, David Recordon wrote:
> Haven't seen any followup here but am running into people telling me that
> they're coming to Facebook. I'm still happy to host, just unclear since I
> haven't heard anything.

Yes, so sorry about that. The chairs would be delighted to ac

Re: [OAUTH-WG] OAuth Interim Meeting

2011-05-10 Thread David Robinson
Have the plans for the interim meeting been nailed down - including a rough agenda? (I heard discussion on closing the open issues...anything else that will be discussed?) Is this still being held at Facebook, 9-6 and were the web conference/dial in numbers arranged ?

Re: [OAUTH-WG] oauth2 implicit flow user experience

2011-05-10 Thread Marius Scurtescu
On Tue, May 10, 2011 at 6:25 AM, Doug Tangren wrote:
> Hi,
>
> I'm implementing an authorization and resource server at work based on the
> oauth2 draft 15. A question arose about the user experience of users of an
> implicit client flow.  I've set a one hour expiry on access tokens but now
> th

Re: [OAUTH-WG] HTTP MAC Authentication Scheme

2011-05-10 Thread Adam Barth
On Mon, May 9, 2011 at 7:11 PM, Peter Wolanin wrote:
> What about using the cookie header?
>
> We have a sha1-HMAC authentication scheme where we are passing the
> HMAC, nonce, timestamp as parts of the cookie header since scripting
> languages that cannot access arbitrary headers still usually ca

Re: [OAUTH-WG] IETF 81 and OSCON

2011-05-10 Thread Peter Saint-Andre
On 5/10/11 8:34 AM, David Recordon wrote:
> Anyone else noticed that they overlap each other this year? :-/

Yeah, it's a bummer.

Peter

--
Peter Saint-Andre
https://stpeter.im/

Re: [OAUTH-WG] MAC request URI normalization (query parameters)

2011-05-10 Thread Justin Richer
These could be solved and the whole normalization process thrown out by just restating the string that you signed. It's then up to the server to decide if they want to reparse and validate the request or not, but it gets around url rewriter problems, which I've had definite trouble with in my deplo

Re: [OAUTH-WG] HTTP MAC Authentication Scheme

2011-05-10 Thread Eran Hammer-Lahav
It is a compelling use case, but one that I do not intend on solving within the MAC draft for now. Getting MAC cookies adoption is much higher on my list and anything that makes the specification longer and more complex stands in that way. However, feel free to propose a mechanism and we can di

Re: [OAUTH-WG] HTTP MAC Authentication Scheme

2011-05-10 Thread Justin Richer
But that's so much work. :-P

The ease of using a throwaway signed URL as a self-contained information unit shouldn't be ignored. It requires exactly zero client-side code and can survive all kinds of HTML repackaging and transit easily.

-- Justin

On Mon, 2011-05-09 at 22:11 -0400, Peter Wolanin

[OAUTH-WG] IETF 81 and OSCON

2011-05-10 Thread David Recordon
Anyone else noticed that they overlap each other this year? :-/ ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Revised OAuth Charter Text

2011-05-10 Thread Eran Hammer-Lahav
I can work with that. Thanks.

EHL

> -Original Message-
> From: Stephen Farrell [mailto:stephen.farr...@cs.tcd.ie]
> Sent: Tuesday, May 10, 2011 3:25 AM
> To: Eran Hammer-Lahav
> Cc: Hannes Tschofenig; oauth@ietf.org WG; Peter Saint-Andre
> (stpe...@stpeter.im); 'Adam Barth (a...@adambarth

[OAUTH-WG] oauth2 implicit flow user experience

2011-05-10 Thread Doug Tangren
Hi, I'm implementing an authorization and resource server at work based on the oauth2 draft 15. A question arose about the user experience of users of an implicit client flow. I've set a one hour expiry on access tokens but now the question is should the client be forced to re-prompt the user f

Re: [OAUTH-WG] Revised OAuth Charter Text

2011-05-10 Thread Stephen Farrell
Hi Eran, all,

On 09/05/11 18:01, Eran Hammer-Lahav wrote:
>
>> -Original Message-
>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
>> Of Hannes Tschofenig
>> Sent: Monday, May 09, 2011 4:25 AM
>
>> Goals and Milestones
>> May 2011 Submit 'HTTP Authentication: