|
Hi Craig, could you pls. remove me from the lists. I coudn't find a unsubscribe-buton on the site. Thx. and regards, Gabi Gabi Banfield
Ruhrstadt-Agentur Com4 Düsseldorfer Str. 35 44143 Dortmund Mobil: 0151.22685714 Fax: 0321.21324606 Web: agentur-com4.com Mail: [email protected]
Amtsgericht Dortmund HRA 16316 UStNr:
317/5702/0638 Inhaber Ruhrstadt-Agentur Com4 e.K.: Gabi Banfield                  -------- Original-Nachricht --------
This line was left over from an earlier draft. It's now removed. It may reappear in the security considerations section. EHL > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Craig Heath > Sent: Thursday, March 10, 2011 10:33 AM > To: [email protected] > Subject: [OAUTH-WG] Implicit Grant Client Authentication > > I'm sure this has been gone over before, so apologies for that, but I haven't > found a clear answer (is there a better way than just Google to search the > mailing list archive, by the way?) > > I've been puzzling over this text in 4.2: "... the authentication of the client is > based on the user-agent's same-origin policy." > > I get that the client can't be provisioned with secret credentials and that's > why we're using this flow, but I'm puzzled by the implication that it might still > be possible to authenticate the client. Isn't the point of this flow that you > can't? > > Specifically, how would you verify that the request is coming from a user > agent that even has a same-origin policy? > > Thanks! > > - Craig. > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth |
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
