-WG] Draft Proposal for a Cross Device Flow Security BCP
Hi Pieter / Daniel / Filip
It's great to see this document moving forward.
I may have missed it, but it may be worth being move explicit that one solution
is to avoid using cross-device flows for same-device scenarios? It's sort of
obvious
Hi Pieter / Daniel / Filip
It’s great to see this document moving forward.
I may have missed it, but it may be worth being move explicit that one solution
is to avoid using cross-device flows for same-device scenarios? It’s sort of
obvious, but questions like “well CIBA works for both
Thanks Brian, I will add clarification on CIBA and fix those transposition
errors. Much appreciated!
From: Brian Campbell
Sent: Friday, October 21, 2022 11:10 PM
To: Pieter Kasselman
Cc: oauth@ietf.org; Daniel Fett ; Filip Skokan
Subject: Re: [OAUTH-WG] Draft Proposal for a Cross Device Flow
And I just happened to notice there are a few mentions of RFC8682 (TinyMT32
Pseudorandom Number Generator) which should probably be RFC8628 (OAuth 2.0
Device Authorization Grant).
On Fri, Oct 21, 2022 at 4:06 PM Brian Campbell
wrote:
> Just want to try and clarify some things about the status
Just want to try and clarify some things about the status of CIBA, which is
described somewhat erroneously as a "standard under development." There is
a FAPI profile of CIBA that is still under development but core CIBA