Re: [OAUTH-WG] Question on section 10.3 in Core spec.
"matake@gmail" <matake@gmail.com> Sat, 12 November 2011 03:04 UTC
Return-Path: <matake@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC8E311E8080 for <oauth@ietfa.amsl.com>; Fri, 11 Nov 2011 19:04:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BGmj3tZ1CFax for <oauth@ietfa.amsl.com>; Fri, 11 Nov 2011 19:04:22 -0800 (PST)
Received: from mail-pz0-f50.google.com (mail-pz0-f50.google.com [209.85.210.50]) by ietfa.amsl.com (Postfix) with ESMTP id 6D4B311E8073 for <oauth@ietf.org>; Fri, 11 Nov 2011 19:04:22 -0800 (PST)
Received: by pzk5 with SMTP id 5so3455991pzk.9 for <oauth@ietf.org>; Fri, 11 Nov 2011 19:04:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=IbcflpiwSFvC4HVAhDIESH1YQ+XVg+Mg1qYgRA4LEwk=; b=Jm7U8IVK7ZPQ35VR5+3FmMWMRlK3Dt+uG3xwCg8lpcqc0jfdIQwCjH/+LJoVZ0aWxZ 3hl5scfe6Fn4K3vy6OKHnbjj42yCvnVA3+alhqf1dd6Opsp+0OIq3oIUwoAMvAvxtgqF YMNtwetayBzWTHoU+JpNIwlz3BOEGdLWARatI=
Received: by 10.68.12.199 with SMTP id a7mr29216008pbc.58.1321067061730; Fri, 11 Nov 2011 19:04:21 -0800 (PST)
Received: from [192.168.1.108] (s141241.dynamic.ppp.asahi-net.or.jp. [220.157.141.241]) by mx.google.com with ESMTPS id wn14sm35128583pbb.5.2011.11.11.19.04.19 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 11 Nov 2011 19:04:20 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset="iso-8859-1"
From: "matake@gmail" <matake@gmail.com>
In-Reply-To: <4EBD2A50.5050202@lodderstedt.net>
Date: Sat, 12 Nov 2011 12:04:18 +0900
Content-Transfer-Encoding: quoted-printable
Message-Id: <E881EB05-B8F4-4E3D-BE68-884843E25EAB@gmail.com>
References: <DFD088E3-B273-4FA6-B61D-313423D58E4F@gmail.com> <4EBD2A50.5050202@lodderstedt.net>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
X-Mailer: Apple Mail (2.1251.1)
Cc: "wg-trans@openid.or.jp OIDF-J" <wg-trans@openid.or.jp>, oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Question on section 10.3 in Core spec.
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Nov 2011 03:04:23 -0000
Ah, now I got it. Thanks! On 2011/11/11, at 22:59, Torsten Lodderstedt wrote: > Hi, > > you are right, iframe is not the correct techniquehere. Browsers are embedded into a native UI using browser widget or something similar. I think "... embedding a browser into the application's user interface when requesting end-user authorization ..." would fit better. > > regards, > Torsten. > > Am 11.11.2011 09:23, schrieb matake@gmail: >> Hi all, >> >> I'm now translating OAuth 2.0 Core& Bearer specs into Japanese with my friends. >> I have one question on section 10.3 in Core spec. >> >> "To prevent this form of attack, native applications SHOULD use external browsers instead of embedding browsers in an iframe when requesting end-user authorization." >> >> Here, what do you mean for "in an iframe"? >> I thought it means "embedded browser is in an iframe", but I can't imagine it can be.. >> >> Thanks in advance >> >> -- >> nov matake >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Question on section 10.3 in Core spec. matake@gmail
- Re: [OAUTH-WG] Question on section 10.3 in Core s… Torsten Lodderstedt
- Re: [OAUTH-WG] Question on section 10.3 in Core s… matake@gmail
- Re: [OAUTH-WG] Question on section 10.3 in Core s… John Bradley
- Re: [OAUTH-WG] Question on section 10.3 in Core s… matake@gmail
- Re: [OAUTH-WG] Question on section 10.3 in Core s… John Bradley