public marks

PUBLIC MARKS from nhoizey with tags oAuth & faille

23 April 2009 15:45

Explaining the OAuth Session Fixation Attack

by 1 other
For everyone involved, this was a first-of-a-kind experience: managing a specification security hole (as opposed to a software bug) in an open specification, with an open community, and no clear governance model. Where do you even begin?