Hi,
we don't plan further changes.
regards,
Torsten.
Am 16.08.2012 19:35, schrieb Stephen Farrell:
Thanks,
Since this is on the Aug 30 telechat let's not have any further changes
without a chair/AD asking.
Ta,
S
On 16 Aug 2012, at 18:19, Torsten Lodderstedt wrote:
Hi all,
the new revi
Thanks,
Since this is on the Aug 30 telechat let's not have any further changes
without a chair/AD asking.
Ta,
S
On 16 Aug 2012, at 18:19, Torsten Lodderstedt wrote:
> Hi all,
>
> the new revision covers token substitution, which has been added to the core
> spec lately. Additionally, it d
Hi all,
the new revision covers token substitution, which has been added to the
core spec lately. Additionally, it describes a similar attack on the
code flow, which is prevented by forcing the authorization server to
validate that an authorization code had been issued to the calling client.
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : OAuth 2.0 Threat Model and Security Considerations
Author(s) : Torsten Lodderstedt
