[OAUTH-WG] Re: Invitation: OAuth WG Virtual Interim - FedCM @ Tue May 7, 2024 12pm - 1pm (EDT) (oauth@ietf.org)

On Mon, May 13, 2024 at 5:15 PM Sam Goto wrote: > > > On Mon, May 13, 2024 at 4:50 PM Dick Hardt wrote: > >> >> >> On Mon, May 13, 2024 at 4:33 PM David Waite >> wrote: >> >>> >>> >>> > On May 13, 2024, at 4:10 PM, Dick Hardt wrote: >>> >>> > This seems in conflict with the Account Chooser

[OAUTH-WG] Re: Invitation: OAuth WG Virtual Interim - FedCM @ Tue May 7, 2024 12pm - 1pm (EDT) (oauth@ietf.org)

On Mon, May 13, 2024 at 4:50 PM Dick Hardt wrote: > > > On Mon, May 13, 2024 at 4:33 PM David Waite > wrote: > >> >> >> > On May 13, 2024, at 4:10 PM, Dick Hardt wrote: >> >> > This seems in conflict with the Account Chooser that Google presents, >> which users now understand as a way for

[OAUTH-WG] Re: Invitation: OAuth WG Virtual Interim - FedCM @ Tue May 7, 2024 12pm - 1pm (EDT) (oauth@ietf.org)

On Mon, May 13, 2024 at 4:33 PM David Waite wrote: > > > > On May 13, 2024, at 4:10 PM, Dick Hardt wrote: > > > This seems in conflict with the Account Chooser that Google presents, > which users now understand as a way for them to select which Google account > they want to use. As a Google

[OAUTH-WG] Re: Invitation: OAuth WG Virtual Interim - FedCM @ Tue May 7, 2024 12pm - 1pm (EDT) (oauth@ietf.org)

> On May 13, 2024, at 4:10 PM, Dick Hardt wrote: > This seems in conflict with the Account Chooser that Google presents, which > users now understand as a way for them to select which Google account they > want to use. As a Google user, I find this experience with the Google IdP to > work

[OAUTH-WG] Re: Invitation: OAuth WG Virtual Interim - FedCM @ Tue May 7, 2024 12pm - 1pm (EDT) (oauth@ietf.org)

On Mon, May 13, 2024 at 12:49 PM Sam Goto wrote: > > > On Sat, May 11, 2024 at 3:22 PM Dick Hardt wrote: > >> >> >> On Wed, May 8, 2024 at 4:07 PM Sam Goto >> wrote: >> >>> That's easier to answer: the browser needs name/email/picture to >>> construct an account chooser >>>

[OAUTH-WG] Re: WGLC for Cross-Device Flows BCP

Thanks to Dean, Roy, Tim and Marco for the feedback in response to the working group last call for the cross-device security BCP. Your feedback helped to improve the draft, much appreciated. All issues that were raised are addressed in the latest release which is available here:

[OAUTH-WG] I-D Action: draft-ietf-oauth-cross-device-security-07.txt

Internet-Draft draft-ietf-oauth-cross-device-security-07.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: Cross-Device Flows: Security Best Current Practice Authors: Pieter Kasselman Daniel Fett Filip Skokan

[OAUTH-WG] Re: Invitation: OAuth WG Virtual Interim - FedCM @ Tue May 7, 2024 12pm - 1pm (EDT) (oauth@ietf.org)

On Sat, May 11, 2024 at 3:22 PM Dick Hardt wrote: > > > On Wed, May 8, 2024 at 4:07 PM Sam Goto > wrote: > >> That's easier to answer: the browser needs name/email/picture to >> construct an account chooser >>

[OAUTH-WG] Re: Mahesh Jethanandani's No Objection on draft-ietf-oauth-security-topics-27: (with COMMENT)

Thanks for the review, Mahesh! I fixed the usage of "man", "he", and "traditional" in this PR: https://github.com/oauthstuff/draft-ietf-oauth-security-topics/pull/99 The term "mastertheses" needs to remain as-is, as it appears only in a URL(!) The term "native" is commonly used to describe