[Openid-specs-ab] Issue #839: Standard - Add x-frame-options to security consideration (openid/connect)

Mike Jones Michael.Jones at microsoft.com
Fri May 31 13:34:32 UTC 2013


Are you referring to http://tools.ietf.org/html/rfc6749#section-10.13 on "Clickjacking", Torsten?

				-- Mike

-----Original Message-----
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Torsten Lodderstedt
Sent: Friday, May 31, 2013 12:57 AM
To: Nat Sakimura
Cc: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Issue #839: Standard - Add x-frame-options to security consideration (openid/connect)

Hi Nat,

the OAuth core's security considerations already cover this threat/countermeasure. The connect spec may refer to it.

regards,
Torsten.

Am 31.05.2013 um 03:31 schrieb "Nat Sakimura" <issues-reply at bitbucket.org>:

> New issue 839: Standard - Add x-frame-options to security 
> consideration 
> https://bitbucket.org/openid/connect/issue/839/standard-add-x-frame-op
> tions-to-security
> 
> Nat Sakimura:
> 
> For frame busting to avoid click jacking. 
> 
> It may even be normative. 
> 
> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab


More information about the Openid-specs-ab mailing list