May 2010

Two tastes better together: Combining OpenID and OAuth with OpenID Connect

"making more data available from OpenID users is the first essential step that we must take to regain our footing in the marketplace"

February 2010

April 2009

Explaining the OAuth Session Fixation Attack

For everyone involved, this was a first-of-a-kind experience: managing a specification security hole (as opposed to a software bug) in an open specification, with an open community, and no clear governance model. Where do you even begin?

OAuth: 2009.1

A session fixation attack against the OAuth Request Token approval flow (OAuth Core 1.0 Section 6) has been discovered.

February 2009

January 2009

Official Google Data APIs Blog: Bringing OpenID and OAuth Together

The Hybrid Protocol is a result of the ongoing effort by the OpenID and OAuth communities to make these protocols more useful for users and websites. Google is working together with the OpenID community to standardize the new protocol as a formal OpenID extension.

June 2008

XTech 2008: Advanced OAuth Wrangling — IDEAlliance

OAuth is poised to be one of the most important new standards in 2008. A simple standardization of delegated token auth, OAuth makes it straightforward to offer and consume APIs for a class of data underrepresented in the current set of API offerings—data