Hi Igor,
if this information is of broader interest - why not. Let's talk about this in
Quebec.
regards,
Torsten.
Igor Faynberg schrieb:
Torsten,
With many thanks for the note, I think it would be great if you
documented the implementation report in an Informational RFC. In
particular, t
Torsten,
With many thanks for the note, I think it would be great if you
documented the implementation report in an Informational RFC. In
particular, the SIM-based authentication part is of particular interest
here--we had this discussion on this list recently-- as it naturally
extends the u
Hi all,
I would like to announce that we recently launched OAuth 2.0 support in
our Security Token Service. It will be used in upcoming consumer
products (e.g. Smartphone apps).
The current implementation supports draft 10 (but is also inline with
the latest text on native apps). It has the
Hi all,
I just posted the new revision of the OAuth 2.0 security threat model
and considerations document as WG item
(http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-00).
We incoporated all feedback we got on the list and at IETF-80. Many
thanks to all people who have given us fee
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : OAuth 2.0 Threat Model and Security Considerations
Author(s) : Torsten Lodderstedt
Am 30.06.2011 18:39, schrieb Eran Hammer-Lahav:
This debate has been going on for 3 years. In OAuth 1.0 it was called
token attributes. Someone just need to write a proposal. Last time I
tried, no one wanted to implement any such mechanism.
we already did
regards,
Torsten.
EHL
*From:
This assumes we support the authorization code grant type without client
authentication. See
http://www.ietf.org/mail-archive/web/oauth/current/msg06816.html and many
other contributions on the same topic
Regards
Mark
oauth-boun...@ietf.org wrote on 29/06/2011 02:15:10:
> From:
>
> Anthony Nada
