[OAUTH-WG] Question on section 10.3 in Core spec.

"matake@gmail" <matake@gmail.com> Fri, 11 November 2011 08:23 UTC

Hi all,

I'm now translating the OAuth 2.0 Core & Bearer specs into Japanese with my friends.
I have one question on section 10.3 in the Core spec.

"To prevent this form of attack, native applications SHOULD use external browsers instead of embedding browsers in an iframe when requesting end-user authorization."

Here, what do you mean by "in an iframe"?
I thought it means "embedded browser is in an iframe", but I can't imagine it can be.

Thanks in advance

nov matake