Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)

2012-04-17 Thread Murray S. Kucherawy
So there are some of both. How treacherous is the migration path from SWD to WebFinger, for example, in case consensus is to develop and move forward with the latter? -MSK From: apps-discuss-boun...@ietf.org [mailto:apps-discuss-boun...@ietf.org] On Behalf Of Mike Jones Sent: Tuesday, April 1

Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)

2012-04-17 Thread Mike Jones
I know that 7 of the 8 public participants in the current OpenID Connect interop testing have implemented SWD at this point. (I know of several more who’ve built it as well but haven’t chosen to make their interop test results public yet.) There are likely other implementations I’m unaware of.

Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)

2012-04-17 Thread Blaine Cook
That's a tricky question - maybe one Google can help answer? There are a bunch of projects using webfinger, including status.net, ostatus in general, diaspora, unhosted, freedombox(?), and I'm sure others, but I have no idea how that translates into actual users or profiles. Gmail, AOL, and Yahoo

Re: [OAUTH-WG] web sso study...

2012-04-17 Thread =JeffH
Note that the authors of the paper have a website up where one can submit traces to their "Browser Relayed Messages (BRM)" analyzer, plus the obligate forum etc. http://sso-analysis.org/ HTH, =JeffH

Re: [OAUTH-WG] web sso study...

2012-04-17 Thread William Mills
Yeah, we encountered this problem doing a binding between FB and other accounts.  We found that FB actually used a valid browser cookie rather than serving back the needed auth page we wanted for the user.  We had to work around this by calling their un-CSRF protected sign-out link first.  It

Re: [OAUTH-WG] [apps-discuss] Web Finger vs. Simple Web Discovery (SWD)

2012-04-17 Thread Tim Bray
What is the deployment status of these two specs? Is either deployed much at all? -T On Fri, Apr 13, 2012 at 10:45 AM, Murray S. Kucherawy wrote: >> -Original Message- >> From: apps-discuss-boun...@ietf.org [mailto:apps-discuss-boun...@ietf.org] >> On Behalf Of Stephen Farrell >> Sent

Re: [OAUTH-WG] IIW and OAuth

2012-04-17 Thread Simon Josefsson
I'll be at IIW and it would be nice to catch up on OAuth work. I'm going home Thursday evening, so I prefer Tues-Thurs. /Simon writes: > Same for me. Tues-Thurs works better for me too. > Axel > > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Beha

Re: [OAUTH-WG] web sso study...

2012-04-17 Thread John Bradley
I posted to my blog about a significant implementation flaw made by people using Facebook's OAuth 2 implementation. I understand that Facebook is fixing it in their own code, but many clients are exploitable. For those interested. http://www.thread-safe.com/2012/04/followup-on-oauth-facebook-

[OAUTH-WG] web sso study...

2012-04-17 Thread Stephen Farrell
Hi all, A recent news article [1] was brought to my attention this week that's about a paper [2] which I've just read. While it mostly deals with implementation and integration flaws, I'm wondering if there's anything in there that could benefit any of the oauth drafts. Anyone had a look at that

Re: [OAUTH-WG] IIW and OAuth

2012-04-17 Thread Justin Richer
It was also my understanding that this was for something outside of IIW, in addition to whatever happens *at* IIW. Nothing's stopping there being various IIW sessions on topic as well, but there's something to be said for getting together for a few hours at a shot without the distractions of th

Re: [OAUTH-WG] IIW and OAuth

2012-04-17 Thread Allan Foster
I am also only at IIW on Tuesday. Allan On 4/16/12 15:28, John Bradley wrote: I only purchased the Tuesday for IIW because I am tied up Wednesday and Thursday is traditionally digital death or something like that. Tuesday is best if it is going to be dur