IETF
oauth@jabber.ietf.org
Monday, 23 May 2011
stpeter has set the subject to: OAuth WG | http://tools.ietf.org/wg/oauth/

GMT+0
[16:24:45] stpeter joins the room
[17:39:54] Thomas Roessler joins the room
[17:40:02] Thomas Roessler leaves the room
[17:40:42] Brian Campbell joins the room
[17:44:43] lynch joins the room
[17:48:37] <lynch> Peter - Will Hannes update WG tickets? #8/#9 related to the error code text and had been closed...
[18:00:03] <stpeter> lynch: I expect that the chairs will update the tickets, yes
[18:00:18] <lynch> thanks!
[18:00:20] <stpeter> I think the folks in the room might want to take a break...
[18:14:06] Justin Richer joins the room
[18:53:34] yoiwa joins the room
[19:02:42] lef joins the room
[19:04:29] <lynch> would the text from Adam's http-state-cookie draft be useful here?
[19:04:58] <stpeter> you mean RFC 6265? :)
[19:05:03] <lynch> Using session identifiers is not without risk. For example, the server SHOULD take care to avoid "session fixation" vulnerabilities. A session fixation attack proceeds in three steps. First, the attacker transplants a session identifier from his or her user agent to the victim's user agent. Second, the victim uses that session identifier to interact with the server, possibly imbuing the session identifier with the user's credentials or confidential information. Third, the attacker uses the session identifier to interact with server directly, possibly obtaining the user's authority or confidential information.
[19:05:30] <lynch> that would be the one
[19:05:53] <stpeter> :)
[19:06:11] <stpeter> that text seems helpful
[19:06:27] <lynch> short, and pretty clear
[19:07:40] <stpeter> lynch: I'll speak up about that on the phone
[19:08:25] Hannes Tschofenig joins the room
[19:09:53] <lynch> thanks...
[19:10:36] <lynch> dropping off for another call -
[19:12:10] lynch leaves the room
[19:15:29] lef leaves the room
[19:16:35] yoiwa leaves the room
[19:18:25] Hannes Tschofenig leaves the room
[20:04:51] Hannes Tschofenig joins the room
[20:07:00] lef.mutualauth joins the room
[20:12:39] <stpeter> did we just lose the audio?
[20:12:41] <Brian Campbell> i just lost the video feed of the conference room
[20:12:44] <Brian Campbell> ?
[20:12:51] <Brian Campbell> oh yeah, and audio :)
[20:12:54] <stpeter> heh
[20:12:59] <stpeter> I had audio only
[20:13:14] <stpeter> and here we waited so patiently for them to finish lunch :)
[20:13:20] <Brian Campbell> haha
[20:15:11] yoiwa joins the room
[20:15:14] <Hannes Tschofenig> Hey all, we are working on the conference bridge. It crashed
[20:15:24] <stpeter> ok
[20:22:17] <stpeter> Brian Campbell: audio is back for me
[20:22:30] <stpeter> Brian Campbell: but I had to dial back in
[20:23:38] <Brian Campbell> i'm trying to get back in now
[20:23:54] <stpeter> ok
[20:24:25] <Brian Campbell> back in
[20:24:51] <stpeter> yay!
[20:29:25] lef.mutualauth leaves the room
[20:29:56] lef.mutualauth joins the room
[20:50:48] Justin Richer leaves the room
[21:11:42] <stpeter> regarding the urn:ietf:* tree, you guys want to look at http://tools.ietf.org/html/rfc3553
[21:11:50] <stpeter> see also http://tools.ietf.org/html/rfc2648
[21:17:17] <Hannes Tschofenig> Thanks, Peter.
[21:37:32] <stpeter> I think the audio might have dropped again
[21:38:17] stpeter dials back in
[21:39:51] <Hannes Tschofenig> Are you still on?
[21:40:18] <stpeter> the dial-in people are on, but the conference room isn't :)
[21:40:27] <Brian Campbell> what Peter said
[22:57:49] stpeter leaves the room: Disconnected: connection closed
[23:02:59] <Brian Campbell> i need to drop off now
[23:03:02] <Brian Campbell> thanks everyone
[23:03:27] Brian Campbell leaves the room
[23:08:36] yoiwa leaves the room
[23:16:22] lef.mutualauth leaves the room
[23:46:55] Hannes Tschofenig leaves the room