On Wed, May 11, 2011 at 3:26 PM, Lodderstedt, Torsten < [email protected]> wrote:
> > > > Through registration and redirect URI validation. A native app does > > not have to impersonate, they can just register a user-agent client. > > Everything boils down to the user trusting the app. As Breno mentions, > > nothing the spec can do to help with that. > > It could recommend the authorization server not to automatically process > repeated authorizations without user consent if it cannot reliably > authenticate the client. > And, as I explained above, it would provide no additional meaningful security while at the same time eliminating the value of the user-agent profile. > > > > > Marius > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > -- Breno de Medeiros
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
