On Tue, Nov 26, 2019 at 7:20 AM Daniel Fett wrote:
> On 26.11.19 at 14:24, Karsten Meyer zu Selhausen wrote:
> > Depending on its implementation the client might simply extract all data
> > contained in the Client Information Response and use it for
> > authorizations with the specific AS.
> > W
On Mon, Dec 2, 2019 at 4:35 PM Richard Backman, Annabelle wrote:
> > Session cookies serve the same purpose in web apps as access tokens for
> APIs but there are many more web apps than APIs. I use the analogy to
> illustrate that either there are security issues with cloud deployments of
> web a
On 03.12.19 at 10:21, Christian Mainka wrote:
> Hi,
>
> according to [1], countermeasure (1) describes to
>
>> configure [the] authorization servers to return an AS identifier
>> ("iss") and the "client_id" for which a code or token was issued in the
>> authorization response.
>
> So if a MixUp a
Hi,
according to [1], countermeasure (1) describes to
> configure [the] authorization servers to return an AS identifier
> ("iss") and the "client_id" for which a code or token was issued in the
> authorization response.
So if a MixUp attack is running, the victim contacts A-AS but is
redirected
Here are the meeting minutes from the Singapore IETF meeting:
https://datatracker.ietf.org/meeting/106/materials/minutes-106-oauth-03
Tony was our scribe. Thanks!