Almost done with -17.
I have sent a few emails to the list with open questions and requests. I will
include as many of the replies as I can before publishing tomorrow or Saturday.
My remaining task is to try and move as much of the normative text (MUST,
SHOULD) out of the security consideration
On Thu, Jul 7, 2011 at 4:01 AM, Eran Hammer-Lahav wrote:
> -17 will be published by Friday at which point I will leave it to
> the chairs to decide if they still want to initiate WGLC or give
> the draft a few days of informal review.
Working-group last call can cover all reviews of this. It's a
I finished the major part of -17, adding a new Client registration section and
folding client authentication into it. This new text attempts to directly
address:
* client authentication requirements
* define client types with regard to keeping secrets
* set registration requirements
* properly e
From: Shane Weeden <swee...@au1.ibm.com>
Date: Tue, 5 Jul 2011 13:24:36 -0700
6. Section 4.1.1 Authorization Request and section 4.2.1 Authorization
Request
To protect against CSRF I believe the state parameter should be REQUIRED,
unless someone can demonstrate a scenario where it is no
Eran Hammer-Lahav
To: OAuth WG
Date: 05-07-11 03:13 PM
Subject: [OAUTH-WG] Timely review request: pre-draft-17
Sent by: oauth-boun...@ietf.org
I have started sharing my planned changes for 17:
https://github.com/hueniverse/draft-ietf-oauth
Change log:
https://github.com
I have started sharing my planned changes for 17:
https://github.com/hueniverse/draft-ietf-oauth
Change log:
https://github.com/hueniverse/draft-ietf-oauth/commit/24a48f99c204331264028f66708427961a1bc102#diff-3
My main focus right now is to clarify client types, registration, and
identificat