Re: [OAUTH-WG] proposal for factoring out request signing in OAuth 2

gt;> > following: >>> > >>> > - Non-repudiation: high-security deployments may require that requests >>> be >>> > authenticated (signed) in a non-repudiateable way[1] >>> > - Access to protected resources is not protected by SSL,

Re: [OAUTH-WG] Strict equality matching of redirect_uri

>> host name. And changing the load balancing architecture once deployed > >>> could be very hard. > >>> > >>> Since there is a state parameter maybe it is enough to allow wild > >>> cards only in the domain nam

Re: [OAUTH-WG] delegating access to another client

this is worth adding to the spec? It seems to be a > simple > >> addition and allows us to standardize what is emerging as a common > >> capability. > >> > >> -- Dick > >> ___ > >> OAuth mailing list > >> OAuth@ietf.org > >> https://www.ietf.org/mailman/listinfo/oauth > > ___ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > > ___ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] New service provider that supports OAuth 2.0

ook > > platform I'd be wondering. > > > > > > > > From:oauth-boun...@ietf.org [mailto: > oauth-boun...@ietf.org] On Behalf > > Of Allen Tom > > Sent: Wednesday, April 21, 2010 3:01 PM > > To: OAuth WG > > Subject: [OAUTH-WG] New service provider that supports OAuth 2.0 > > > >

Re: [OAUTH-WG] Call for Consensus (Deadline: April 22)

t; https://www.ietf.org/mailman/listinfo/oauth > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] HTTPS requirement for using an Access Token without signatures

> WRAP was to replace HTTP Cookie auth, and it should be up to the service > provider to require HTTPS when applicable. > > Allen > > > ___ > OAuth mailing list > oa...@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth > > > > __

Re: [OAUTH-WG] A display parameter for user authorization requests

> Authorization Server. (This is probably the default and could be > >>> unneeded.) > >>> > >>> mobile - Force a mobile experience instead of the normal full page. > >>> > >>> Most Clients will never need to use this parameter because it will

Re: [OAUTH-WG] A display parameter for user authorization requests

ents will never need to use this parameter because it will > >> automatically work using the standard OAuth redirect, but developers can > >> override it and it's needed in the Web Client flow. > >> > >> --David > >> ___ > >> O

Re: [OAUTH-WG] Thinking about our secrets for signatures

Lahav wrote: > Why do you need to change the cryptographic properties of a token during > refresh? > > > > EHL > > > > *From:* Raffi Krikorian [mailto:ra...@twitter.com] > *Sent:* Friday, March 26, 2010 10:46 AM > *To:* Torsten Lodderstedt > *Cc:* Eran Hammer-

Re: [OAUTH-WG] Thinking about our secrets for signatures

t is unable to > provide an appropriate token type/secret. > sure - so at the first request time, you can request. it is still possible to upgrade and download the token time during refresh (switch from non signature to signature based on the refresh)? --

Re: [OAUTH-WG] Thinking about our secrets for signatures

gt;>> > > >> Well thought-out bearer tokens and well thought-out proof of > > >> possession tokens rarely look the same. > > >> ___ > > >> OAuth mailing list > > >> OAuth@ietf.org > > >> https://www.ietf.org/mailman/listinfo/oauth > > >> > > > ___ > > > OAuth mailing list > > > OAuth@ietf.org > > > https://www.ietf.org/mailman/listinfo/oauth > > > > > > > ___ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth