On 2010-06-14, at 9:41 PM, Evan Gilbert wrote:
>
> If a response from the AS is untrusted, there are much bigger issues at
> stake. ... or am I missing an obvious attack where random JSON would get sent
> to the Client?
>
> For the web server flow, you know the AS server you called and can re
>
>
> If a response from the AS is untrusted, there are much bigger issues at
> stake. ... or am I missing an obvious attack where random JSON would get
> sent to the Client?
>
For the web server flow, you know the AS server you called and can
reasonably trust the data.
For the user agent flow, a
> *Sent:* Sunday, June 13, 2010 11:20 AM
> *To:* Eran Hammer-Lahav
> *Cc:* Robert Sayre; OAuth WG (oauth@ietf.org)
>
> *Subject:* Re: [OAUTH-WG] Proposal for single JSON response format
>
>
>
>
>
> On Sun, Jun 13, 2010 at 8:18 AM, Eran Hammer-Lahav
> wrote:
>
+1 (JSON in direct response, separate discussion on redirect response)
On Mon, Jun 14, 2010 at 10:15 AM, Brian Eaton wrote:
> On Mon, Jun 14, 2010 at 10:00 AM, Eran Hammer-Lahav
> wrote:
> > So far we have 16 people supporting using JSON as the only response format
> > for the token endpoint
On Mon, Jun 14, 2010 at 10:00 AM, Eran Hammer-Lahav wrote:
> So far we have 16 people supporting using JSON as the only response format
> for the token endpoint with no objections. Draft -07 reflects this change. I
> am considering this matter closed, but if someone has a late objection, feel
So far we have 16 people supporting using JSON as the only response format for
the token endpoint with no objections. Draft -07 reflects this change. I am
considering this matter closed, but if someone has a late objection, feel free
to raise it.
As for using JSON in the fragment or query of th
+1 on JSON in response bodies
-1 on JSON in URL query parameters or fragments.
Dirk.
On Sun, Jun 13, 2010 at 2:46 AM, Evan Gilbert wrote:
> -1
>
> I disagree very strongly with this approach if I'm understanding
> correctly. Let me paraphrase to make sure I understand:
>
> All responses, even t
rg<mailto:oauth-boun...@ietf.org>] On Behalf Of
Evan Gilbert
Sent: Sunday, June 13, 2010 2:47 AM
To: Robert Sayre
Cc: OAuth WG (oauth@ietf.org)
Subject: Re: [OAUTH-WG] Proposal for single JSON response format
-1
I disagree very strongly with this approach if
On 2010-06-13, at 11:20 AM, Evan Gilbert wrote:
>
>
> On Sun, Jun 13, 2010 at 8:18 AM, Eran Hammer-Lahav
> wrote:
> Using JSON in the end-user authorization endpoint response is still something
> we need to discuss. In the web server flow, it makes more sense to use
> form-encoded because t
> *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf
> Of *Evan Gilbert
> *Sent:* Sunday, June 13, 2010 2:47 AM
> *To:* Robert Sayre
> *Cc:* OAuth WG (oauth@ietf.org)
> *Subject:* Re: [OAUTH-WG] Proposal for single JSON response format
>
>
>
> -1
oauth@ietf.org)
Subject: Re: [OAUTH-WG] Proposal for single JSON response format
-1
I disagree very strongly with this approach if I'm understanding correctly. Let
me paraphrase to make sure I understand:
All responses, even those encoded in a browser URL redirect back from the AS
(red
-1
I disagree very strongly with this approach if I'm understanding
correctly. Let me paraphrase to make sure I understand:
All responses, even those encoded in a browser URL redirect back from the AS
(redirect with verification code in the web server flow and the redirect
with token in the user-
+1
On Fri, Jun 11, 2010 at 1:17 AM, Naitik Shah wrote:
> +1
>
> On Thu, Jun 10, 2010 at 5:50 PM, Luke Shepard wrote:
>>
>> +1
>>
>> On Jun 10, 2010, at 5:46 PM, Manger, James H wrote:
>>
>> > +1
>> >
>> > --
>> > James Manger
>> >
>> > --
>> > From: oauth-boun...@ietf.org [mailto:oauth-b
+1
On Thu, Jun 10, 2010 at 5:50 PM, Luke Shepard wrote:
> +1
>
> On Jun 10, 2010, at 5:46 PM, Manger, James H wrote:
>
> > +1
> >
> > --
> > James Manger
> >
> > --
> > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Eran Hammer-Lahav
> > Sent: Friday, 11 June
+1
On Jun 10, 2010, at 5:46 PM, Manger, James H wrote:
> +1
>
> --
> James Manger
>
> --
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
> Eran Hammer-Lahav
> Sent: Friday, 11 June 2010 6:29 AM
> To: OAuth WG (oauth@ietf.org)
> Subject: [OAUTH-WG] Proposal f
+1
--
James Manger
--
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran
Hammer-Lahav
Sent: Friday, 11 June 2010 6:29 AM
To: OAuth WG (oauth@ietf.org)
Subject: [OAUTH-WG] Proposal for single JSON response format
- Support a single response format (including i
+1.
On Thu, Jun 10, 2010 at 1:29 PM, Eran Hammer-Lahav wrote:
> After taking a break from our previous debate(s) on the issue of which
> response format to support, I would like to suggest the following:
>
> - Support a single response format (including in the user-agent fragment)
> using JSON.
+1
On Thu, Jun 10, 2010 at 1:29 PM, Eran Hammer-Lahav wrote:
> After taking a break from our previous debate(s) on the issue of which
> response format to support, I would like to suggest the following:
>
> - Support a single response format (including in the user-agent fragment)
> using JSON.
+1
On Thu, Jun 10, 2010 at 1:29 PM, Eran Hammer-Lahav wrote:
> After taking a break from our previous debate(s) on the issue of which
> response format to support, I would like to suggest the following:
>
> - Support a single response format (including in the user-agent fragment)
> using JSON.
+1
=nat @ Tokyo via iPhone
On 2010/06/11, at 7:18, Brian Eaton wrote:
+1.
On Thu, Jun 10, 2010 at 1:29 PM, Eran Hammer-Lahav wrote:
After taking a break from our previous debate(s) on the issue of
which response format to support, I would like to suggest the
following:
- Support a si
+1
On 10.06.2010 22:29, Eran Hammer-Lahav wrote:
After taking a break from our previous debate(s) on the issue of which response
format to support, I would like to suggest the following:
- Support a single response format (including in the user-agent fragment) using
JSON.
My reason for thi
+1
Propose we have other encodings as extensions, then.
-- justin
On Thu, 2010-06-10 at 16:29 -0400, Eran Hammer-Lahav wrote:
> After taking a break from our previous debate(s) on the issue of which
> response format to support, I would like to suggest the following:
>
> - Support a single re
+1 with optional extension for XML encoded
-cmort
On 6/10/10 1:29 PM, "Eran Hammer-Lahav" wrote:
After taking a break from our previous debate(s) on the issue of which response
format to support, I would like to suggest the following:
- Support a single response format (including in the user
+1
On 2010-06-10, at 1:29 PM, Eran Hammer-Lahav wrote:
> After taking a break from our previous debate(s) on the issue of which
> response format to support, I would like to suggest the following:
>
> - Support a single response format (including in the user-agent fragment)
> using JSON.
>
>
+1 for MUST JSON response, MAY form-encoded (and xml, etc etc) response via
extension (response_format parameter?)
-- Justin Hart
-- jh...@photobucket.com
On Jun 10, 2010, at 2:29 PM, Eran Hammer-Lahav wrote:
> After taking a break from our previous debate(s) on the issue of which
> r