Francisco,
just to make sure I understood your paper correctly: even native clients
are required to have a backend server component, which receives the
authorization results and makes them available to the native client?
regards,
Torsten.

Hi all,
OAuth provides only weak security when used with
unregistered applications. OTOH compulsory registration is
a bad idea: imagine a situation where a social site becomes
dominant, social login via that site becomes the de facto
authentication standard on the Web, every application has to
register with the site, and the site can kill any
application by revoking its registration. I've written a
paper <http://www.pomcor.com/whitepapers/PKAuth.pdf> that proposes a
solution. Thanks in advance for any
comments.
-- Francisco
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth