public marks

PUBLIC MARKS with tags oAuth & clevermarks

May 2010

Two tastes better together: Combining OpenID and OAuth with OpenID Connect

by nhoizey
"making more data available from OpenID users is the first essential step that we must take to regain our footing in the marketplace"

February 2010

June 2009

OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing

by holyver (via)
OAuth, OpenID…they sound like the same thing and they kind of do vaguely similar things But I’m here to tell you, OAuth is not Open ID. They have a different purpose. I’ve been playing around with OAuth a bit in the past couple weeks and have a grip on what it’s aiming to do and what it’s not aiming to do. To start with, here’s what OAuth does have in common with Open ID

April 2009

Explaining the OAuth Session Fixation Attack

by nhoizey & 1 other
For everyone involved, this was a first-of-a-kind experience: managing a specification security hole (as opposed to a software bug) in an open specification, with an open community, and no clear governance model. Where do you even begin?

OAuth: 2009.1

by nhoizey
A session fixation attack against the OAuth Request Token approval flow (OAuth Core 1.0 Section 6) has been discovered.

February 2009

January 2009

Official Google Data APIs Blog: Bringing OpenID and OAuth Together

by nhoizey & 2 others
The Hybrid Protocol is a result of the ongoing effort by the OpenID and OAuth communities to make these protocols more useful for users and websites. Google is working together with the OpenID community to standardize the new protocol as a formal OpenID extension.

Active users

nhoizey
last mark : 17/05/2010 12:35

holyver
last mark : 23/06/2009 20:42