Re: [OAUTH-WG] Defining a maximum token length?

2010-03-09 Thread Dick Hardt
On 2010-03-09, at 6:24 PM, Ethan Jewett wrote: I think it would make sense to advise client library and application programmers to provide for the possibility of and storage of large tokens. We should probably reference examples of tokens seen in the wild and mention the technical

Re: [OAUTH-WG] Defining a maximum token length?

2010-03-09 Thread Dick Hardt
a good thing to include. Ethan On Tue, Mar 9, 2010 at 8:14 PM, Dick Hardt dick.ha...@gmail.com wrote: On 2010-03-09, at 4:23 PM, Marius Scurtescu wrote: On Tue, Mar 9, 2010 at 3:50 PM, David Recordon record...@gmail.com wrote: Ideally we'd limit the length of access and refresh

Re: [OAUTH-WG] Defining a maximum token length?

2010-03-09 Thread Dick Hardt
On 2010-03-09, at 7:50 PM, David Recordon wrote: On Tue, Mar 9, 2010 at 7:25 PM, Dick Hardt dick.ha...@gmail.com wrote: I understand the desire to set a max length that can easily fit into a DB. There are lots of other items I think the developer is storing that can be long as well, like

Re: [OAUTH-WG] Signatures, Why?

2010-03-08 Thread Dick Hardt
On 2010-03-08, at 1:09 PM, John Kemp wrote: On Mar 8, 2010, at 3:35 PM, Dick Hardt wrote: 2) Client signed tokens are no more secure in MITM attacks than bearer tokens for on-the-fly attacks. If the attacker can disrupt the channel, the attacker can take the signed token and use

Re: [OAUTH-WG] Recent UMA work that may inform this group's deliberations

2010-03-08 Thread Dick Hardt
On 2010-03-05, at 6:57 AM, Eve Maler wrote: More below... On 4 Mar 2010, at 5:43 PM, Dick Hardt wrote: Thanks Eve, comments inserted ... On 2010-03-04, at 12:51 PM, Eve Maler wrote: As requested on today's call, here's a description of the places where UMA seems to need more than

Re: [OAUTH-WG] Signatures, Why?

2010-03-04 Thread Dick Hardt
On 2010-03-04, at 12:27 PM, Igor Faynberg wrote: Blaine Cook wrote: - Why are signatures needed? 1) For authentication 2) For ensuring integrity 3) For non-repudiation Those are the general capabilities of signatures. Why does the Client need to sign the request / token? is the

Re: [OAUTH-WG] Recent UMA work that may inform this group's deliberations

2010-03-04 Thread Dick Hardt
Hi Eve Looking at the WRAP oriented comments in the spec, here are some comments / questions: Note WRAP doesn't seem to say HTTPS is required for the user authorization URL; is this a bug in the WRAP spec? If not, is it a good idea for us to profile it in this way? Finally, is this the right

Re: [OAUTH-WG] Recent UMA work that may inform this group's deliberations

2010-03-04 Thread Dick Hardt
Thanks Eve, comments inserted ... On 2010-03-04, at 12:51 PM, Eve Maler wrote: As requested on today's call, here's a description of the places where UMA seems to need more than what the WRAP paradigm offers (both profiling and extending), based on the proposal at:

Re: [OAUTH-WG] proposed agenda for second interim meeting

2010-02-03 Thread Dick Hardt
On 2010-02-03, at 11:21 AM, Eran Hammer-Lahav wrote: -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran Hammer-Lahav Sent: Wednesday, February 03, 2010 11:19 AM To: Dick Hardt Cc: OAuth WG Subject: Re: [OAUTH-WG] proposed agenda

Re: [OAUTH-WG] proposed agenda for second interim meeting

2010-02-03 Thread Dick Hardt
On 2010-02-03, at 12:01 PM, Peter Saint-Andre wrote: <hat type='chair'/> On 2/3/10 12:46 PM, Dick Hardt wrote: Wanting to discuss technical details when there does not seem to be consensus on the problem we are solving was my Titanic reference. Remember, these interim meetings
