On Fri, Apr 30, 2010 at 8:46 AM, Eran Hammer-Lahav <[email protected]> wrote:
> This language was requested by Brian.

And he is right, my bad. I considered only a narrow definition of same-origin.

Marius

>
> EHL
>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf
>> Of Marius Scurtescu
>> Sent: Thursday, April 29, 2010 5:39 PM
>> To: OAuth WG
>> Subject: [OAUTH-WG] same-origin policy
>>
>> Section 3.5.1, version 01, says: "These clients cannot keep client secrets
>> confidential and the authentication of the client is based on the
>> user-agent's same-origin policy."
>>
>> I don't think that the same-origin policy comes into play in this case.
>> Authentication of the client is based only on the end-user validating the
>> redirection URI.
>>
>> Marius
>> _______________________________________________
>> OAuth mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/oauth
