Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-12 Thread Dick Hardt
Much appreciated Julian!

On Jul 12, 2012, at 1:31 AM, Julian Reschke wrote:
> On 2012-07-09 17:01, Julian Reschke wrote:
>> On 2012-07-09 16:48, Mike Jones wrote:
>>> HTML5 is not cited because it's a working draft - not an approved
>>> standard. In what way is "the definition of the media type

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-12 Thread Mike Jones
OAuth Core draft -29

On 2012-07-09 17:01, Julian Reschke wrote:
> On 2012-07-09 16:48, Mike Jones wrote:
>> HTML5 is not cited because it's a working draft - not an approved
>> standard. In what way is "the definition of the media type in HTML4
>> is known to be i

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-12 Thread Julian Reschke
On 2012-07-09 17:01, Julian Reschke wrote: On 2012-07-09 16:48, Mike Jones wrote: HTML5 is not cited because it's a working draft - not an approved standard. In what way is "the definition of the media type in HTML4 is known to be insufficient"? People have been successfully implementing form-

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-09 Thread Dick Hardt
On Jul 9, 2012, at 1:21 PM, Justin Richer wrote:
> Implicit grant makes perfect sense when the user agent and client are
> collapsed into a single entity. In other words, if your client is inside the
> user agent then doing a code flow doesn't actually buy you any extra security.

It protects t

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-09 Thread Justin Richer
Implicit grant makes perfect sense when the user agent and client are collapsed into a single entity. In other words, if your client is inside the user agent then doing a code flow doesn't actually buy you any extra security. This is the driving design decision behind having it in there, and fr

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-09 Thread Dick Hardt
Hi Mike

Reading over the spec, I think some more color in 4.2 on the risks of the Implicit Grant and where it makes sense and where it does not is in order. Also, this should be in Section 9. Thoughts?

-- Dick

On Jul 9, 2012, at 12:08 AM, Mike Jones wrote:
> A preliminary version of OAuth co

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-09 Thread Mike Jones
OK - will do

-Original Message-
From: Julian Reschke [mailto:julian.resc...@gmx.de]
Sent: Monday, July 09, 2012 8:50 AM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29

On 2012-07-09 17:36, Mike Jones wrote:
> What's the syntax for

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-09 Thread Julian Reschke
On 2012-07-09 17:36, Mike Jones wrote: What's the syntax for defining UNICODENOCTRLCHAR in a better way? I'd be eager to incorporate that. I failed to find that part from your link. ... Just change UNICODENOCTRLCHAR = to UNICODENOCTRLCHAR = %x20-7E / %x80-D7FF / %xE000-FFFD / %x1

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-09 Thread John Bradley
Given we are making the changes to the public client code flow. I would change the name of the security consideration to:
> Misuse of Access Token to Impersonate Resource Owner in Implicit Flow

Sorry I forgot to change that when I sent it.

John B.

On 2012-07-09, at 3:08 AM, Mike Jones wrote:
>

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-09 Thread Mike Jones
09, 2012 8:02 AM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Preliminary OAuth Core draft -29

On 2012-07-09 16:48, Mike Jones wrote:
> HTML5 is not cited because it's a working draft - not an approved standard.
> In what way is "the definition of the media ty

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-09 Thread Julian Reschke
On 2012-07-09 16:48, Mike Jones wrote: HTML5 is not cited because it's a working draft - not an approved standard. In what way is "the definition of the media type in HTML4 is known to be insufficient"? People have been successfully implementing form-urlencoding with it for quite some time.

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-09 Thread Mike Jones
ack and forth on this. I hope you can be on the call in ~2 hours as well.

Thank you,
-- Mike

-Original Message-
From: Julian Reschke [mailto:julian.resc...@gmx.de]
Sent: Monday, July 09, 2012 6:55 AM
To: Mike Jones
Cc: oa

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-09 Thread Julian Reschke
On 2012-07-09 15:55, Julian Reschke wrote: On 2012-07-09 09:08, Mike Jones wrote: A preliminary version of OAuth core draft -29 is attached for the working group’s consideration and discussion on today’s call. I believe that this addresses all issues that have been raised, including Julian’s is

Re: [OAUTH-WG] Preliminary OAuth Core draft -29

2012-07-09 Thread Julian Reschke
On 2012-07-09 09:08, Mike Jones wrote: A preliminary version of OAuth core draft -29 is attached for the working group’s consideration and discussion on today’s call. I believe that this addresses all issues that have been raised, including Julian’s issues about the ABNF, character sets, and for