55°F

Aaron Parecki

  • Articles
  • Notes
  • Photos

Monday, November 19, 2018

← Older → Newer
  • 10:11pm
    Asleep
    6:03am
    Awake
    7h 52m
    Slept
    17m
    Awake for
    Portland, Oregon, USA • 42°F
    Mon, Nov 19, 2018 6:03am -08:00
  • Johannes Ebner 🌐 https://twitter.com/Structed
    Great talk about the #indieweb by @adactio at #voxxeddays #thessaloniki - extremely inspiring!
    Portland, Oregon • 46°F
    Mon, Nov 19, 2018 8:43am +00:00 (liked on Mon, Nov 19, 2018 6:20am -08:00) #indieweb #voxxeddays #thessaloniki
  • Stéphanie Walter @ Voxxed Thessaloniki πŸ¦ŠπŸŒˆπŸ‡¬πŸ‡· https://twitter.com/WalterStephanie
    A great resource to know more about decentralized web: https://indieweb.org/
    Don't forget to have fun, your website is a playground!!
    Let's share what we know, just chose where you want to share it.
    #vdthess18
    Portland, Oregon • 46°F
    Mon, Nov 19, 2018 8:42am +00:00 (liked on Mon, Nov 19, 2018 6:21am -08:00) #vdthess18
  • 161.4lbs
    Weight
    20.3%
    Body Fat
    Portland, Oregon • 39°F
    Mon, Nov 19, 2018 6:21am -08:00
  • Instant Pot Caramelized Onions (www.essentialomnivore.com)
    Mon, Nov 19, 2018 7:56am -08:00 #recipe
  • Easy Vegan French Onion Soup Recipe | Elizabeth Rider (www.elizabethrider.com)
    Mon, Nov 19, 2018 7:56am -08:00 #recipe
  • Stephanie Walter https://mastodon.social/@stephaniewalter

    "Having your own website is damn disruptive when everything is centralised on Medium, Facebook, Twitter, etc." πŸ˜€ #vdthess18

    Portland, Oregon • 42°F
    Mon, Nov 19, 2018 8:40am +00:00 (liked on Mon, Nov 19, 2018 8:31am -08:00) #vdthess18
  • Lillian Karabaic https://twitter.com/anomalily
    Sleep is a drug. I took 2 whole days off work and slept 9 hours a night and exercised and I feel like I am on SPEED today. Is this why weekends exist?
    Portland, Oregon • 43°F
    Mon, Nov 19, 2018 4:52pm +00:00 (liked on Mon, Nov 19, 2018 9:00am -08:00)
  • (datatracker.ietf.org)
    Portland, Oregon • 52°F
    Mon, Nov 19, 2018 3:49pm -08:00 #ietf #oauth #ietf103
  • https://www.ietf.org/mail-archive/web/oauth/current/msg18477.html
    OAUTH-WG
    Aaron Parecki
    On Wed, Nov 7, 2018 at 7:20 AM Joseph Heenan <joseph at authlete.com> wrote:

    > It may be worth slightly rewording 7.2 as it may encourage a growing misconception that all native apps must be public clients. With many devices now having embedded HSMs, we’ve seen increasing interest in mobile apps being dynamically (per-install) registered oauth2 private clients, and that model has a lot of advantages. (I’m not sure if we might see a similar model evolving for web apps.)

    That's a great point, thanks. I've removed the reference to native apps being public clients since it doesn't really add anything to this spec if I have to caveat the description.

    On Thu, Nov 15, 2018 at 12:58 PM Torsten Lodderstedt <torsten at lodderstedt.net> wrote:

    > > > First of all the AS decides whether it issues refresh tokens or not. Having the ability does not mean the AS must do it. If you feel it’s safer to not do it. Fine.
    > > Sure, and this should be mentioned then somewhere (either in the threats doc or in this proposed best practice doc). Not all end developers using these protocols fully understand the ramifications.
    > @Aaron: I suggest this goes to the SPA BCP since this is client specific.

    Thanks, I agree that this document should include some recommendations around refresh token handling. Looking at the discussion in this thread, it seems there are a few different strategies folks are taking. Since it seems like there isn't a strong consensus, it sounds like this would be better suited for the "Security Considerations" section, and to not make MUST/SHOULD recommendations, but rather just point out the issues. Any thoughts on that before I take a stab at writing something?

    I've incorporated some of the other feedback here and published an updated version:

    https://tools.ietf.org/html/draft-parecki-oauth-browser-based-apps-01

    Thanks for the feedback so far.
    Portland, Oregon
    Mon, Nov 19, 2018 6:09pm -08:00 #oauth
← Older → Newer

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • πŸŽ₯ YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • βš™οΈ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv