[Openid-specs-ab] Issue #839: Standard - Add x-frame-options to security consideration (openid/connect)

Nat Sakimura sakimura at gmail.com
Fri May 31 13:56:13 UTC 2013


This is good.

=nat via iPhone

On May 31, 2013, at 22:36, Mike Jones <Michael.Jones at microsoft.com> wrote:

> Are you referring to http://tools.ietf.org/html/rfc6749#section-10.13 on "Clickjacking", Torsten?
>
>                -- Mike
>
> -----Original Message-----
> From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Torsten Lodderstedt
> Sent: Friday, May 31, 2013 12:57 AM
> To: Nat Sakimura
> Cc: openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] Issue #839: Standard - Add x-frame-options to security consideration (openid/connect)
>
> Hi Nat,
>
> the OAuth core's security considerations already cover this threat/countermeasure. The connect spec may refer to it.
>
> regards,
> Torsten.
>
> On 31.05.2013 at 03:31, "Nat Sakimura" <issues-reply at bitbucket.org> wrote:
>
>> New issue 839: Standard - Add x-frame-options to security
>> consideration
>> https://bitbucket.org/openid/connect/issue/839/standard-add-x-frame-options-to-security
>>
>> Nat Sakimura:
>>
>> For frame busting to avoid click jacking.
>>
>> It may even be normative.
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab

