Watson,

On 11/12/2014 01:36 AM, Watson Ladd wrote:
> What exactly is being copied? RFC 6749 doesn't provide a way to ensure
> cookie stealing doesn't happen. Access tokens aren't bound, so a
> mechanism needs to be provided to bind them. I don't see where the
> conflict with OAuth is.

The work to look at is called 'proof-of-possession':
http://datatracker.ietf.org/wg/oauth/documents/

A good starting point is this document:
http://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/

Ciao
Hannes
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
