[Openid-specs-ab] WG meeting topic
Tom Jones
thomasclinganjones at gmail.com
Mon Mar 18 18:49:17 UTC 2019
Technically a browser is just a webview. Since all user agent strings are
lies, there is only a slight possibility that it will help. The only thing
that a browser will bother to do is implement the entire html5 spec. So
complexity is probably the best test available. Things like redirects,
cookies, iframes, and the like. Specific devices do have unique features
that are testable, but neither common among devices nor among different
browsers on the same device.
thx ..Tom (mobile)
On Mon, Mar 18, 2019, 10:05 AM George Fletcher via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:
> Hi,
>
> I'd like to have a discussion around security and authentication flows
> occurring with the system browser vs a webview. I get the potential
> security risk but I don't think we have any guidance on how an IdP is
> supposed to ensure whether requests are coming from the system browser
> vs a webview.
>
> Thanks,
> George
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190318/20cadc2f/attachment.html>
More information about the Openid-specs-ab
mailing list