Apple’s answer to the in-secure use of in-app browser? — iOS 9 introduces SFSafariViewController
Apple forcing developers to use an in-app browser instead of spawning Safari has been known as an extremely insecure practice for some time. There are many reasons that…
Category: OAuth
JWS, JWT, and others now RFC!
It has taken soooo long [1], but JSON Web Signature (JWS), JSON Web Token (JWT), together with the rest of the JW* suite, are finally Standard Track…
Review Comments for draft-ietf-oauth-proof-of-possession-02
Proof-Of-Possession Semantics for JSON Web Tokens (JWTs) draft 02 has been under WGLC till yesterday (March 24, 2015). During the OAuth WG meeting at IETF 92…
Public Review of UMA 0.9 is going on
June 24: The three main UMA Version 0.9 specifications – UMA Core, OAuth Resource Set Registration, and UMA Claim Profiles – are out for a 45-day public review period ending September 6 at 17:00…
Covert Redirect is not new but.. A risk analysis and recommendations
So, there has been a flurry of worries induced by the CNET and other articles [1] about “Covert Redirect”. Like Leandro Boffi wrote in his blog…
OpenID Connect is here! – An Identity Layer on the internet
Celebrate! OpenID Connect 1.0 Final is here! After four and a half years, or six years if we include the time needed to start the working…
Write an OpenID Connect server in three simple steps
An OpenID Connect server is just an OAuth 2.0 server on steroids. What it does is to return the ID Token, which contains information about…
Identity, Authentication + OAuth = OpenID Connect
Explicit Consent – Turning Internet Dog into Pavlov’s Dog
People like me who are working in the internet identity space are trying to solve the so-called “Internet Dog Problem.” You surely must have seen this…
Alice to Bob resource sharing
So I was in the UMA call today, and that reminded me of this use case. How does Alice share her protected resources (like medical test…