Darren,

Please join us on the new Objective-C OAuth list:
http://groups.google.com/group/oauth-objective-c

-Jon

On Mon, Feb 2, 2009 at 9:40 AM, Darren Bounds <[email protected]> wrote:
>
> Recently my colleague and I began looking a little closer at the
> iPhone SDK in an effort to research how to best incorporate an OAuth
> authorization model. Naturally UIWebView was front and center as it
> currently provides the only method (at least that I'm aware of) for an
> application to transition between itself and the browser without
> requiring the user to re-launch the application. While at a glance,
> this appeared ideal for OAuth, I became concerned when it was apparent
> that all interaction, including HTTP request/response data, would be
> fully accessible to the parent application via UIWebView.
>
> From my perspective, one of the greatest architectural features of the
> OAuth and OpenID protocols is the complete absence of any requirement
> the user place trust in the application they're authorizing or
> authenticating to. This doesn't appear to be possible through
> UIWebView as the application has the ability to capture any and all
> interaction, regardless of whether SSL is employed.
>
> I'm curious if the group has any thoughts or greater insight into
> the UIWebView security model and its impact on user-agent trust and
> privacy on the iPhone. Hopefully I've missed something.
>
> References:
>
> UIWebView
> https://developer.apple.com/iphone/library/documentation/UIKit/Reference/UIWebView_Class/Reference/Reference.html#//apple_ref/doc/uid/TP40006950-CH3-SW11
>
> UIWebViewDelegate
> https://developer.apple.com/iphone/library/documentation/UIKit/Reference/UIWebViewDelegate_Protocol/Reference/Reference.html
>
> NSURLRequest
> https://developer.apple.com/iphone/library/documentation/Cocoa/Reference/Foundation/Classes/NSURLRequest_Class/Reference/Reference.html#//apple_ref/doc/c_ref/NSURLRequest
>
> Thanks,
> Darren
>
> --
> darren bounds
> [email protected]
