public marks

PUBLIC MARKS from nhoizey with tags oAuth & clevermarks

May 2010

Two tastes better together: Combining OpenID and OAuth with OpenID Connect

"making more data available from OpenID users is the first essential step that we must take to regain our footing in the marketplace"

February 2010

April 2009

Explaining the OAuth Session Fixation Attack

by 1 other
For everyone involved, this was a first-of-a-kind experience: managing a specification security hole (as opposed to a software bug) in an open specification, with an open community, and no clear governance model. Where do you even begin?

OAuth: 2009.1

A session fixation attack against the OAuth Request Token approval flow (OAuth Core 1.0 Section 6) has been discovered.

February 2009

January 2009

Official Google Data APIs Blog: Bringing OpenID and OAuth Together

by 2 others
The Hybrid Protocol is a result of the ongoing effort by the OpenID and OAuth communities to make these protocols more useful for users and websites. Google is working together with the OpenID community to standardize the new protocol as a formal OpenID extension.