Re: [OAUTH-WG] client authentication for implicit grant type

2011-04-29 Thread Marius Scurtescu
On Tue, Apr 12, 2011 at 7:27 AM, Andrew Arnott wrote: > I brought this concern up about a year ago.  Now reviewing the latest > drafts, I still have a concern with it.  It is regarding the use of > client_id without a password.  I agree with section 3, as included below: > Section 3. Client Authen

Re: [OAUTH-WG] client authentication for implicit grant type

2011-04-12 Thread Andrew Arnott
Apr 12, 2011, at 9:28 AM, Eran Hammer-Lahav wrote: > > > Hopefully by the end of the week. My farm took all my free time this > weekend. > > > > EHL > > > > From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] > > Sent: Tuesday, April 12, 2011 8:54 AM

Re: [OAUTH-WG] client authentication for implicit grant type

2011-04-12 Thread Skylar Woodward
EHL > > From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] > Sent: Tuesday, April 12, 2011 8:54 AM > To: Eran Hammer-Lahav > Cc: Andrew Arnott; OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] client authentication for implicit grant type > > The proposed

Re: [OAUTH-WG] client authentication for implicit grant type

2011-04-12 Thread Eran Hammer-Lahav
include a section on phishing-like attacks. EHL From: Andrew Arnott [mailto:andrewarn...@gmail.com] Sent: Tuesday, April 12, 2011 8:30 AM To: Eran Hammer-Lahav Cc: OAuth WG (oauth@ietf.org<mailto:oauth@ietf.org>) Subject: Re: [OAUTH-WG] client authentication for implicit grant type Thanks

Re: [OAUTH-WG] client authentication for implicit grant type

2011-04-12 Thread Torsten Lodderstedt
section on phishing-like attacks. EHL *From:*Andrew Arnott [mailto:andrewarn...@gmail.com] *Sent:* Tuesday, April 12, 2011 8:30 AM *To:* Eran Hammer-Lahav *Cc:* OAuth WG (oauth@ietf.org) *Subject:* Re: [OAUTH-WG] client authentication for implicit grant type Thanks, Eran. Will the security

Re: [OAUTH-WG] client authentication for implicit grant type

2011-04-12 Thread Eran Hammer-Lahav
It should include a section on phishing-like attacks. EHL From: Andrew Arnott [mailto:andrewarn...@gmail.com] Sent: Tuesday, April 12, 2011 8:30 AM To: Eran Hammer-Lahav Cc: OAuth WG (oauth@ietf.org) Subject: Re: [OAUTH-WG] client authentication for implicit grant type Thanks, Eran. Will the

Re: [OAUTH-WG] client authentication for implicit grant type

2011-04-12 Thread Andrew Arnott
nt:* Tuesday, April 12, 2011 7:28 AM > *To:* OAuth WG (oauth@ietf.org) > *Subject:* [OAUTH-WG] client authentication for implicit grant type > > > > I brought this concern up about a year ago. Now reviewing the latest > drafts, I still have a concern with it. It is regarding the u

Re: [OAUTH-WG] client authentication for implicit grant type

2011-04-12 Thread Eran Hammer-Lahav
[mailto:oauth-boun...@ietf.org] On Behalf Of Andrew Arnott Sent: Tuesday, April 12, 2011 7:28 AM To: OAuth WG (oauth@ietf.org) Subject: [OAUTH-WG] client authentication for implicit grant type I brought this concern up about a year ago. Now reviewing the latest drafts, I still have a concern with i

[OAUTH-WG] client authentication for implicit grant type

2011-04-12 Thread Andrew Arnott
I brought this concern up about a year ago. Now reviewing the latest drafts, I still have a concern with it. It is regarding the use of client_id without a password. I agree with section 3, as included below: Section 3. Client Authentication The client identifier is not a secret, it is exposed