[Openid-specs-ab] Transient Client Secret Extension for OAuth

John Bradley ve7jtb at ve7jtb.com
Mon Jul 29 06:00:51 UTC 2013


Thinking about it overnight, we also need to have a salt sent with the hash, to prevent rainbow table attacks.

On 2013-07-28, at 9:39 PM, Nat Sakimura <sakimura at gmail.com> wrote:

> As some of you know, passing the code securely to a native app on the iOS platform is next to impossible. A malicious application may register the same custom scheme as the victim application and hope to obtain the code, whose success rate is rather high.
>
> We discussed it during the OpenID Connect Meeting at IETF 87 today, and I have captured the discussion in the form of an I-D. It is pretty short and hopefully easy to read.
> 
> You can find it at: 
> 
> https://bitbucket.org/Nat/drafts/src/
> 
> Comments are welcome. 
> 
> -- 
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
