How about confidential/open?
EHL
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Eran Hammer-Lahav
> Sent: Friday, July 22, 2011 2:12 PM
> To: Torsten Lodderstedt; OAuth WG
> Subject: Re: [OAUTH-WG] Issue 15, new client registration
>
>
This seems too verbose, considering how fundamental input validation is in
general.
I added the following to a new section:
A code injection attack occurs when an input or otherwise external variable is used by an
application in which that input can cause modification of the
How about, add this to 10.1:
When client authentication is not possible, the authorization server SHOULD employ other
means to validate the client's identity. For example, by requiring the registration of
the client redirection URI or enlisting the resource owner to
I'm going to prepare slides regarding the status of the security document.
regards,
Torsten
-Original Message-
From: Barry Leiba
To: oauth WG
Sent: So., 24 Jul 2011 9:02
Subject: Re: [OAUTH-WG] Call For Agenda Items for IETF#81
I have updated the agenda, which should now be final and can be found here:
http://www.ietf.org/proceedings/81/agenda/oauth.txt
I have slides only for the sidejacking attack discussion. Does no one
have slides for discussion of document issues? Perhaps this will be a
short meeting, because there
> -Original Message-
> From: tors...@lodderstedt-online.de [mailto:torsten@lodderstedt-
> online.de]
> Sent: Sunday, July 24, 2011 12:36 AM
> To: Eran Hammer-Lahav; oauth@ietf.org
> Subject: redirect uri validation (was: Issue 15, new client registration)
>
> Hi Eran,
>
> let's move the