Re: [OAUTH-WG] OAuth in the news again....

Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 01 December 2014 18:58 UTC

To: John Bradley <ve7jtb@ve7jtb.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/NIK2XFabtDjH54zyTGV0bmrj-DY
Cc: "oauth@ietf.org" <oauth@ietf.org>

Yes, this is the story. Sorry for including the wrong link.

We can find out what the issue was but that wasn't necessarily my point.

The problem is that there is unfortunately little understanding about
the different layers and responsibilities involved. I think there is
something to write about and I will compile a first draft.

Ciao
Hannes

On 12/01/2014 06:51 PM, John Bradley wrote:
> Hannes,
> 
> I think this may be the link you were trying to share.
> http://www.cbc.ca/m/touch/news/story/1.2844953
> 
> I suspect the problem was the profile ID leaking via an ad rather than anything to do with OAuth
> as she never logged in.
> 
> John B.
> 
> 
>> On Dec 1, 2014, at 1:25 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>
>> Hi all,
>>
>> I fear we have to write another article to clarify what OAuth does and
>> what it does not do based on the misinformation spread with this recent
>> article:
>> http://www.techopedia.com/definition/26694/oauth
>>
>> A quote from that article:
>> "
>> Graham Williams, a Vancouver-based technology expert, points to what is
>> known as an "open authentication protocol" — or OAuth — where people
>> often unwittingly share personal information with third-party websites.
>> "
>>
>> Ciao
>> Hannes