Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread William Mills
a service. From: Colin Snover [mailto:ietf@zetafleet.com] Sent: Tuesday, July 13, 2010 11:21 AM To: Eran Hammer-Lahav Cc: William Mills; David Recordon; OAuth WG; jh...@photobucket.com Subject: Re: [OAUTH-WG] ' force_auth

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread Colin Snover
It's something people get wrong and we should make a way to get it right. *From:* Eran Hammer-Lahav [mailto:e...@hueniverse.com] *Sent:* Tuesday, July 13, 2010 10:08 AM *To:* William Mills *Cc:* David Recordon; Colin Snover; OAuth

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread William Mills
me form of force_auth is needed.  I > >>> haven't read enough on the "immediate" proposal, but I > know that we > >>> have run into the problem of trusting currently set > cookies in the > >>> browser (even when we're actually sending a us

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread Eran Hammer-Lahav
oposal. >>> >>> >>>> >>>> >>>> >>>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of >>>> Colin Snover >>>> Sent: Tuesday, July 13, 2010 9:23 AM >>>> To: Eran H

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread Eran Hammer-Lahav
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com] Sent: Tuesday, July 13, 2010 10:08 AM To: William Mills Cc: David Recordon; Colin Snover; OAuth WG Subject: Re: [OAUTH-WG] ' force_auth' request parameter The question is if we have consensus to force prov

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread Colin Snover
*From:* oauth-boun...@ietf.org <mailto:oauth-boun...@ietf.org> [mailto:oauth-boun...@ietf.org <mailto:oauth-boun...@ietf.org>] *On Behalf Of *Colin Snover *Sent:* Tuesday, July 13, 2010 9:23 AM *To:* Eran Hammer-Lahav *Cc:* OAut

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread William Mills
Sent: Tuesday, July 13, 2010 9:58 AM To: William Mills Cc: Colin Snover; Eran Hammer-Lahav; OAuth WG Subject: Re: [OAUTH-WG] ' force_auth' request parameter

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread Eran Hammer-Lahav
un...@ietf.org<mailto:oauth-boun...@ietf.org>] On Behalf Of Colin Snover Sent: Tuesday, July 13, 2010 9:23 AM To: Eran Hammer-Lahav Cc: OAuth WG Subject: Re: [OAUTH-WG] ' force_auth' request parameter On 22/07/28164 13:59, Eran Hammer-Lahav wrote: The following was submitte

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread William Mills
t: Re: [OAUTH-WG] ' force_auth' request parameter I support immediate and a form of forced auth (ala OpenID's PAPE) but not in the core spec. They both should be part of an identity extension. On Tue, Jul 13, 2010 at 9:51 AM, W

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread Justin Hart
auth-boun...@ietf.org] On Behalf Of Colin Snover Sent: Tuesday, July 13, 2010 9:23 AM To: Eran Hammer-Lahav Cc: OAuth WG Subject: Re: [OAUTH-WG] ' force_auth' request parameter On 22/07/28164 13:59, Eran Hammer-Lahav wrote: The following was submitted via the shared-copy page but does not

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread David Recordon
> > I'm a +1 on the force_auth proposal. > > -- > *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf > Of *Colin Snover > *Sent:* Tuesday, July 13, 2010 9:23 AM > *To:* Eran Hammer-Lahav > *Cc:* OAuth WG > *Subject:* Re: [OAUTH-WG] ' force_au

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread William Mills
th WG Subject: Re: [OAUTH-WG] ' force_auth' request parameter On 22/07/28164 13:59, Eran Hammer-Lahav wrote: The following was submitted via the shared-copy page but does not belong with editorial feedback. This needs to be discussed and

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread Eran Hammer-Lahav
Building consensus around new ideas is tough. The only advice I can give you is to identify the people most likely to support this idea and ping them off-list to try and get their support. I don't think it belongs in core because core currently represents pretty solid consensus on the feature se

Re: [OAUTH-WG] ' force_auth' request parameter

2010-07-13 Thread Colin Snover
On 22/07/28164 13:59, Eran Hammer-Lahav wrote: The following was submitted via the shared-copy page but does not belong with editorial feedback. This needs to be discussed and supported on the list before added the specification. I think it belongs where 'immediate' is specified. EHL --

[OAUTH-WG] ' force_auth' request parameter

2010-07-11 Thread Eran Hammer-Lahav
The following was submitted via the shared-copy page but does not belong with editorial feedback. This needs to be discussed and supported on the list before added the specification. I think it belongs where 'immediate' is specified. EHL -- Forwarded Message From: An anonymous reader Date: