On Tue, Nov 18, 2008 at 6:58 PM, Allen Tom <[EMAIL PROTECTED]> wrote:
> Dirk Balfanz wrote: > >> Ok, new spec is up: >> http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html >> >> >> >> > Hi Dirk, > > It doesn't look like the hybrid spec changes the OpenID association > mechanism, so you should not mention the association mechanism in the last > sentence of Section 3. > Good catch. I took out the whole sentence. > > Under Security Considerations in Section 11, it would probably be good to > mention that anyone knowing the CK can force the SP to display the hybrid > approval page, while standard OAuth requires both the CK and the CSecret to > display a vanilla OAuth approval page. > Good idea. I added a paragraph in Section 11 explaining this. Dirk. > Thanks > Allen > > >
_______________________________________________ specs mailing list [email protected] http://openid.net/mailman/listinfo/specs
