I think you hit the nail on the head.
My feeling is that threats not directly related to OAuth obfuscate the key
issues we are trying to alert implementers and deployers to.
I think Barry made a good proposal but Michael still feels Barry's text has not
addressed the issue.
I think you are
Hi Stephen, Hi IESG secretary,
Derek and myself would like to submit the updated OAuth charter to the IESG.
Please find it below.
Ciao
Hannes
--
Web Authorization Protocol (oauth)
Description of Working Group
The Web Authorization (OAuth) protocol allows a user to grant
a third-party W
Thanks Phil.
These will be corrected in -27 (if we publish one to close IESG issues) or
during AUTH48.
EH
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Phil Harvey
> Sent: Wednesday, May 02, 2012 8:24 AM
> To: oauth@ietf.org
> Subject
Hi all,
I looked at the feedback for the draft-ietf-oauth-v2-threatmodel and I want to
share my thoughts with you (as a WG co-chair).
I believe there are three questions that need to be answered:
1) Is malicious code a problem?
I believe most people would agree that malicious code is indeed
Hello,
I noticed draft 26 was published and found a few typos while reading the diff
against draft 25:
1) Where the word SHALL was inserted into the paragraph under "2. Client
Registration", I noticed that the first word of each bullet point in the list
that follows it needs to be altered to f
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : OAuth 2.0 Assertion Profile
Author(s) : Michael B. Jones
Brian
I agree that context does sufficiently differentiate. I guess I'm just
lamenting the way that type has been overloaded in the base OAuth
stuff and am already dreading the conversions that might go something
like, "well which type of token type are we talking about here?"
This particular URN probab
