Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-14 Thread Dick Hardt
On 2010-06-14, at 9:41 PM, Evan Gilbert wrote: > > If a response from the AS is untrusted, there are much bigger issues at > stake. ... or am I missing an obvious attack where random JSON would get sent > to the Client? > > For the web server flow, you know the AS server you called and can re

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-14 Thread Evan Gilbert
> > > If a response from the AS is untrusted, there are much bigger issues at > stake. ... or am I missing an obvious attack where random JSON would get > sent to the Client? > For the web server flow, you know the AS server you called and can reasonably trust the data. For the user agent flow, a

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-14 Thread Evan Gilbert
> *Sent:* Sunday, June 13, 2010 11:20 AM > *To:* Eran Hammer-Lahav > *Cc:* Robert Sayre; OAuth WG (oauth@ietf.org) > > *Subject:* Re: [OAUTH-WG] Proposal for single JSON response format > > > > > > On Sun, Jun 13, 2010 at 8:18 AM, Eran Hammer-Lahav > wrote: >

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-14 Thread Dick Hardt
+1 (JSON in direct response, separate discussion on redirect response) On Mon, Jun 14, 2010 at 10:15 AM, Brian Eaton wrote: > On Mon, Jun 14, 2010 at 10:00 AM, Eran Hammer-Lahav > wrote: > > So far we have 16 people supporting using JSON as the only response > format > > for the token endpoint

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-14 Thread Brian Eaton
On Mon, Jun 14, 2010 at 10:00 AM, Eran Hammer-Lahav wrote: > So far we have 16 people supporting using JSON as the only response format > for the token endpoint with no objections. Draft -07 reflects this change. I > am > considering this matter closed, but if someone has a late objection, feel

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-14 Thread Eran Hammer-Lahav
So far we have 16 people supporting using JSON as the only response format for the token endpoint with no objections. Draft -07 reflects this change. I am considering this matter closed, but if someone has a late objection, feel free to raise it. As for using JSON in the fragment or query of th

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-14 Thread Dirk Balfanz
>> >> > +1 >> >> > >> >> > -- >> >> > James Manger >> >> > >> >> > -- >> >> > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On >> Behalf >> >> > Of E

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-13 Thread Eran Hammer-Lahav
rg<mailto:oauth-boun...@ietf.org>] On Behalf Of Evan Gilbert Sent: Sunday, June 13, 2010 2:47 AM To: Robert Sayre Cc: OAuth WG (oauth@ietf.org<mailto:oauth@ietf.org>) Subject: Re: [OAUTH-WG] Proposal for single JSON response format -1 I disagree very strongly with this approach if

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-13 Thread Dick Hardt
On 2010-06-13, at 11:20 AM, Evan Gilbert wrote: > > > On Sun, Jun 13, 2010 at 8:18 AM, Eran Hammer-Lahav > wrote: > Using JSON in the end-user authorization endpoint response is still something > we need to discuss. In the web server flow, it makes more sense to use > form-encoded because t

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-13 Thread Evan Gilbert
> *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf > Of *Evan Gilbert > *Sent:* Sunday, June 13, 2010 2:47 AM > *To:* Robert Sayre > *Cc:* OAuth WG (oauth@ietf.org) > *Subject:* Re: [OAUTH-WG] Proposal for single JSON response format > > > > -1

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-13 Thread Eran Hammer-Lahav
oauth@ietf.org) Subject: Re: [OAUTH-WG] Proposal for single JSON response format -1 I disagree very strongly with this approach if I'm understanding correctly. Let me paraphrase to make sure I understand: All responses, even those encoded in a browser URL redirect back from the AS (red

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-13 Thread Evan Gilbert
>> > > >> > -- > >> > James Manger > >> > > >> > -- > >> > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On > Behalf > >> > Of Eran Hammer-Lahav > >> > S

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-11 Thread Robert Sayre
Manger >> > >> > -- >> > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >> > Of Eran Hammer-Lahav >> > Sent: Friday, 11 June 2010 6:29 AM >> > To: OAuth WG (oauth@ietf.org) >> > Subject: [OAUTH-WG] Pr

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread Naitik Shah
On Behalf > Of Eran Hammer-Lahav > > Sent: Friday, 11 June 2010 6:29 AM > > To: OAuth WG (oauth@ietf.org) > > Subject: [OAUTH-WG] Proposal for single JSON response format > > > > - Support a single response format (including in the user-agent fragment) > using

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread Luke Shepard
> Subject: [OAUTH-WG] Proposal for single JSON response format > > - Support a single response format (including in the user-agent fragment) > using JSON. > ___ > OAuth mailing list > OAuth@iet

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread Manger, James H
+1 -- James Manger -- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran Hammer-Lahav Sent: Friday, 11 June 2010 6:29 AM To: OAuth WG (oauth@ietf.org) Subject: [OAUTH-WG] Proposal for single JSON response format - Support a single response format (including

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread Brian Eaton
+1. On Thu, Jun 10, 2010 at 1:29 PM, Eran Hammer-Lahav wrote: > After taking a break from our previous debate(s) on the issue of which > response format to support, I would like to suggest the following: > > - Support a single response format (including in the user-agent fragment) > using JSON.

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread Michael D Adams
+1 On Thu, Jun 10, 2010 at 1:29 PM, Eran Hammer-Lahav wrote: > After taking a break from our previous debate(s) on the issue of which > response format to support, I would like to suggest the following: > > - Support a single response format (including in the user-agent fragment) > using JSON.

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread David Recordon
+1 On Thu, Jun 10, 2010 at 1:29 PM, Eran Hammer-Lahav wrote: > After taking a break from our previous debate(s) on the issue of which > response format to support, I would like to suggest the following: > > - Support a single response format (including in the user-agent fragment) > using JSON.

[OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread Eran Hammer-Lahav
After taking a break from our previous debate(s) on the issue of which response format to support, I would like to suggest the following: - Support a single response format (including in the user-agent fragment) using JSON. My reason for this is very simple, while right now we have a very limit

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread Nat
+1 =nat @ Tokyo via iPhone On 2010/06/11, at 7:18, Brian Eaton wrote: +1. On Thu, Jun 10, 2010 at 1:29 PM, Eran Hammer-Lahav > wrote: After taking a break from our previous debate(s) on the issue of which response format to support, I would like to suggest the following: - Support a si

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread Torsten Lodderstedt
+1 On 10.06.2010 22:29, Eran Hammer-Lahav wrote: After taking a break from our previous debate(s) on the issue of which response format to support, I would like to suggest the following: - Support a single response format (including in the user-agent fragment) using JSON. My reason for thi

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread Justin Richer
+1 Propose we have other encodings as extensions, then. -- justin On Thu, 2010-06-10 at 16:29 -0400, Eran Hammer-Lahav wrote: > After taking a break from our previous debate(s) on the issue of which > response format to support, I would like to suggest the following: > > - Support a single re

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread Chuck Mortimore
+1 with optional extension for XML encoded -cmort On 6/10/10 1:29 PM, "Eran Hammer-Lahav" wrote: After taking a break from our previous debate(s) on the issue of which response format to support, I would like to suggest the following: - Support a single response format (including in the user

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread Dick Hardt
+1 On 2010-06-10, at 1:29 PM, Eran Hammer-Lahav wrote: > After taking a break from our previous debate(s) on the issue of which > response format to support, I would like to suggest the following: > > - Support a single response format (including in the user-agent fragment) > using JSON. > >

Re: [OAUTH-WG] Proposal for single JSON response format

2010-06-10 Thread Justin Hart
+1 for MUST JSON response, MAY form-encoded (and xml, etc etc) response via extension (response_format parameter?) -- Justin Hart -- jh...@photobucket.com On Jun 10, 2010, at 2:29 PM, Eran Hammer-Lahav wrote: > After taking a break from our previous debate(s) on the issue of which > r