Complete privacy section for Oauth use case #49
Assignees
Comments
|
Please assign me to this issue. |
This was referenced Sep 7, 2020
|
I did a research on this topic. While the RFC 6749 has a security section it does not provide an in-depth analysis of privacy concerns. There are a couple of other documents related to oAuth protocol that does, however they describe specific token formats and exchange ( https://www.rfc-editor.org/rfc/rfc8693.html#name-privacy-considerations https://www.rfc-editor.org/rfc/rfc8705.html#name-privacy-considerations). In general, I am not qualified to do a full review of the privacy risk of oAuth2.0 but I think that we should probably point to tokens as a weak spot. |
|
UC call on Jan 11th: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As discussed in w3c/wot-security#177, this use case is mostly complete except the privacy section is empty and should refer to the corresponding section in the oauth2 spec.
The linked security issue will be closed and once this issue is dealt with the oauth use case can be considered complete.
The text was updated successfully, but these errors were encountered: