On Mon, May 13, 2024 at 5:15 PM Sam Goto wrote:
>
>
> On Mon, May 13, 2024 at 4:50 PM Dick Hardt wrote:
>
>>
>>
>> On Mon, May 13, 2024 at 4:33 PM David Waite
>> wrote:
>>
>>>
>>>
>>> > On May 13, 2024, at 4:10 PM, Dick Hardt wrote:
>>>
>>> > This seems in conflict with the Account Chooser
On Mon, May 13, 2024 at 4:50 PM Dick Hardt wrote:
>
>
> On Mon, May 13, 2024 at 4:33 PM David Waite
> wrote:
>
>>
>>
>> > On May 13, 2024, at 4:10 PM, Dick Hardt wrote:
>>
>> > This seems in conflict with the Account Chooser that Google presents,
>> which users now understand as a way for
On Mon, May 13, 2024 at 4:33 PM David Waite
wrote:
>
>
> > On May 13, 2024, at 4:10 PM, Dick Hardt wrote:
>
> > This seems in conflict with the Account Chooser that Google presents,
> which users now understand as a way for them to select which Google account
> they want to use. As a Google
> On May 13, 2024, at 4:10 PM, Dick Hardt wrote:
> This seems in conflict with the Account Chooser that Google presents, which
> users now understand as a way for them to select which Google account they
> want to use. As a Google user, I find this experience with the Google IdP to
> work
On Mon, May 13, 2024 at 12:49 PM Sam Goto wrote:
>
>
> On Sat, May 11, 2024 at 3:22 PM Dick Hardt wrote:
>
>>
>>
>> On Wed, May 8, 2024 at 4:07 PM Sam Goto
>> wrote:
>>
>>> That's easier to answer: the browser needs name/email/picture to
>>> construct an account chooser
>>>
Thanks to Dean, Roy, Tim and Marco for the feedback in response to the working
group last call for the cross-device security BCP. Your feedback helped to
improve the draft, much appreciated.
All issues that were raised are addressed in the latest release which is
available here:
Internet-Draft draft-ietf-oauth-cross-device-security-07.txt is now available.
It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF.
Title: Cross-Device Flows: Security Best Current Practice
Authors: Pieter Kasselman
Daniel Fett
Filip Skokan
On Sat, May 11, 2024 at 3:22 PM Dick Hardt wrote:
>
>
> On Wed, May 8, 2024 at 4:07 PM Sam Goto
> wrote:
>
>> That's easier to answer: the browser needs name/email/picture to
>> construct an account chooser
>>
Thanks for the review, Mahesh!
I fixed the usage of "man", "he", and "traditional" in this PR:
https://github.com/oauthstuff/draft-ietf-oauth-security-topics/pull/99
The term "mastertheses" needs to remain as-is, as it appears only in a
URL(!)
The term "native" is commonly used to describe