50°F

Aaron Parecki

  • Articles
  • Notes
  • Photos
  • Aaron Parecki
    The deadline to submit drafts ahead of the IETF meeting in November just passed, and I submitted my last one with 30 minutes to spare! Here are all the docs I'll be discussing:

    https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-15.html

    https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-01.html

    https://www.ietf.org/archive/id/draft-parecki-oauth-first-party-apps-00.html

    https://www.ietf.org/archive/id/draft-parecki-oauth-metadata-for-nested-flows-00.html
    Portland, Oregon, USA
    Mon, Oct 23, 2023 5:15pm -07:00 #oauth #ietf
    6 likes 3 reposts 1 reply 1 mention
    • dpdp
    • Torstein Krause Johansen
    • Jon Lunman
    • jack the nonabrasive
    • Royce Williams
    • dragotin
    • jack the nonabrasive
    • Evert Pot
    • chaos.social/users/chrysn

      @aaronpk Thanks for also considering the statically-served browser-based case.
      I find it curious that the main threat model is having malicious JS executed in the browser context of the app (painting browser-based unsafe). As someone unfamiliar with the stacks of modern backend development (last time I did that, LAMP was big), and only dabbling in frontend stuff (usually Rust/WASM) I'd intuitively assume that a BFF server is more easily compromised than the union of the JS and a static server.

      Tue, Oct 24, 2023 3:26am -07:00

    Other Mentions

    • aaronpk micro.blog/aaronpk
      The deadline to submit drafts ahead of the IETF meeting in November just passed, and I submitted my last one with 30 minutes to spare! Here are all the docs I'll be discussing: https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-15.html https://www.ietf.org/archive/id/draft-ietf-oauth-resou... aaronparecki.com
      Mon, Oct 23, 2023 5:15pm -07:00 (via micro.blog)
Posted in /notes using quill.p3k.io

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv