> I did find it amusing that the paper defines bearer token as a 'cryptographic
> approach'. I guess no crypto is in its way an approach :-).
Well. It uses TLS as the underlying primitive. As such, it is a cryptographic
mechanism.
I know that we have different views about the pros & cons of the
Fixed it.
Thanks for pointing this out.
Ciao
Hannes
Ps: Did we miss any technical points that would be useful to bring forward to
the Web browser community to improve the security of OAuth?
On Apr 27, 2011, at 6:50 PM, Igor Faynberg wrote:
> Good eye! (And an excellent point.)
>
> Igor
>
Good eye! (And an excellent point.)
Igor
Paul Madsen wrote:
but you are describing the protocol in the paper, not the group
A reference like 'The Open Web Authentication (OAuth) protocol [1]'
to
[1] E. Hammer-Lahav, D. Recordon, and D. Hardt, “The OAuth 2.0
Authorization Protocol,”
is go
.org
> Subject: Re: [OAUTH-WG] Paper for the W3C Identity in the Browser
> Workshop about OAuth
>
> but you are describing the protocol in the paper, not the group
>
> A reference like 'The Open Web Authentication (OAuth) protocol [1]'
>
> to
>
> [1]
but you are describing the protocol in the paper, not the group
A reference like 'The Open Web Authentication (OAuth) protocol [1]'
to
[1] E. Hammer-Lahav, D. Recordon, and D. Hardt, “The OAuth 2.0
Authorization Protocol,”
is going to confuse
On 4/27/11 11:35 AM, Hannes Tschofenig wrote:
Am 27.04.2011 17:35, schrieb Hannes Tschofenig:
In some sense you are right. The problem is just that this is the name of the
group :-)
http://datatracker.ietf.org/wg/oauth/charter/
Maybe we should adjust the name with the rechartering process.
I think we should.
regards,
Torsten.
On Apr 27
In some sense you are right. The problem is just that this is the name of the
group :-)
http://datatracker.ietf.org/wg/oauth/charter/
Maybe we should adjust the name with the rechartering process.
On Apr 27, 2011, at 6:17 PM, Paul Madsen wrote:
> 'Open Web Authentication protocol'? authentic
-boun...@ietf.org] On Behalf
> Of Paul Madsen
> Sent: Wednesday, April 27, 2011 8:18 AM
> To: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Paper for the W3C Identity in the Browser
> Workshop about OAuth
>
> 'Open Web Authentication protocol'? authentication?
>
>
Hi Hannes,
One comment immediately in the title. Isn't OAuth short for Open
Authorization, not Authentication?
Regards,
Dave
David B. Nelson
Sr. Software Architect
Elbrys Networks, Inc.
www.elbrys.com
+1.603.570.2636
___
OAuth mailing list
OAuth@ietf.o
'Open Web Authentication protocol'? authentication?
On 4/27/11 11:06 AM, Hannes Tschofenig wrote:
Hi guys,
Barry, Blaine and I compiled a short position paper for the upcoming W3C
identity in the browser workshop.
Here is the call for participation:
http://www.tschofenig.priv.at/svn/w3c-bro
Hi guys,
Barry, Blaine and I compiled a short position paper for the upcoming W3C
identity in the browser workshop.
Here is the call for participation:
http://www.tschofenig.priv.at/svn/w3c-browser-identity/
Here is the position paper:
http://www.tschofenig.priv.at/svn/w3c-browser-identity/o
11 matches
Mail list logo
