Subject: CAcert Code Development list.
- From: Mario Lipinski <mario AT cacert.org>
- To: cacert-devel AT lists.cacert.org
- Subject: Re: Security of OAuth and OpenID
- Date: Sat, 11 Jul 2009 02:45:37 +0200
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
- Organization: CAcert Events, CAcert Organisation Assurance Germany
Michael,
thanks for your comments.
This is a point we really need to think about. However, this should not change the design of the software. We should only consider having a strict policy on external applications.
On 11.07.2009 at 1:56, Michael Tänzer wrote:
> Additionally we should not only have application accounts but also
> assign data access rights to them. For example the geo/social app should
> only be able to access the primary email address in order to send
> announcements, maybe the name (the user could also enter this separately
> as e.g. he might want to omit middle names) and possibly the number of
> experience points while the web frontend needs wider access to the data
> (in order to let the user tweak preferences, request certs etc.).
I think this was already planned that way.
Mario