cmis message
Subject: topic for next TC call: browser binding authentication
- From: Scott Malabarba <scott.malabarba@us.ibm.com>
- To: cmis@lists.oasis-open.org
- Date: Wed, 29 Feb 2012 17:18:31 -0800
I'd like to spend a few minutes in Monday's meeting on section 5.2.9, authentication in the browser binding.
The mechanism used to protect against CSRF attacks is, necessarily, complicated for both client and server implementers.
I think there's a significant risk that some implementers will either choose not to implement it or implement it incorrectly.
I'd like to talk about ideas for how we can mitigate this risk. For example, add lots of code samples so that implementers have less work to do, or more forceful discussion of CSRF so that they understand the risk, etc.
Thanks,
Scott