The deadline to submit drafts ahead of the IETF meeting in ... • Aaron Parecki

The deadline to submit drafts ahead of the IETF meeting in November just passed, and I submitted my last one with 30 minutes to spare! Here are all the docs I'll be discussing:

https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-15.html

https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-01.html

https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-00.html

https://www.ietf.org/archive/id/draft-parecki-oauth-metadata-for-nested-flows-00.html

Portland, Oregon, USA

#oauth #ietf

Mon, Oct 23, 2023 5:15pm -07:00

6 likes 3 reposts 1 reply 1 mention
Have you written a response to this? Let me know the URL:
- chaos.social/users/chrysn
  
  @aaronpk Thanks for also considering the statically-served browser-based case.
  I find it curious that the main threat model is having malicious JS executed in the browser context of the app (painting browser-based unsafe). As someone unfamiliar with the stacks of modern backend development (last time I did that, LAMP was big), and only dabbling in frontend stuff (usually Rust/WASM) I'd intuitively assume that a BFF server is more easily compromised than the union of the JS and a static server.
  
  Tue, Oct 24, 2023 3:26am -07:00
Other Mentions
- aaronpk micro.blog/aaronpk
  
  The deadline to submit drafts ahead of the IETF meeting in November just passed, and I submitted my last one with 30 minutes to spare! Here are all the docs I'll be discussing: https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-15.html https://www.ietf.org/archive/id/draft-ietf-oauth-resou... aaronparecki.com
  
  Mon, Oct 23, 2023 5:15pm -07:00 (via micro.blog)

Posted in /notes using quill.p3k.io

Aaron Parecki

Other Mentions