
sven duzont's Library tagged opensocial

19 Nov 08

OpenSocial Restful Protocol -...

  • Containers SHOULD carefully consider security. Containers MUST
    support OAuth but SHOULD use appropriate policies to determine allowed
    operations on a per-Consumer and per-user basis. Per the OAuth spec,
    Containers SHOULD document how a Consumer can direct a user to a
    Container web page to obtain an oauth_token for future use. Note that
    this authorization page is a phishing vector if the user is required to
    enter their credentials there, because it trains users to type a
    password into a page a third party redirected them to.

    Containers SHOULD support SSL connections for sensitive data, as
    OAuth on its own provides neither transport encryption nor integrity
    checking of the message body (the OAuth 1.0 signature covers the
    request parameters, not an arbitrary entity body). Containers should
    base their security decisions on the type of client in use; a
    generally available desktop client, for example, cannot effectively
    protect a Consumer Secret that is installed with each copy of the
    client, so its Consumer key proves only that a request came from some
    copy of that software. The security of communications with a partner
    service, on the other hand, depends on the effectiveness of that
    service's security procedures. Containers may wish to rate limit
    requests from unknown clients, or require registration, in order to
    mitigate risk.

    Containers should scope oauth_tokens as narrowly as possible (e.g.,
    allow reading but not writing if a client only performs reads).
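The three recommendations above (per-Consumer/per-client policy, narrowly scoped oauth_tokens, and the fact that the OAuth signature does not cover the message body) are shown together in the following container-side authorization check. This is an added example, not code from the OpenSocial specification or any container implementation: the consumer and token registries, the client-type policy table, the token scopes and the URL are constructed here for illustration. It implements OAuth 1.0 HMAC-SHA1 signature-base-string verification, a timestamp window and nonce registry against replay, then applies token scope and client-type policy before admitting the request.

```python
import base64
import hashlib
import hmac
import time
import urllib.parse

# Constructed registry data (hypothetical; not from the spec).
CONSUMERS = {
    # consumer_key -> (consumer_secret, client type)
    "partner-svc": ("s3cret-partner", "partner"),
    "desktop-app": ("s3cret-desktop", "desktop"),  # secret ships inside every copy
}
TOKENS = {
    # oauth_token -> (token_secret, owner user id, HTTP methods the token is scoped to)
    "tok-read": ("tsecret-read", "user:42", {"GET"}),
    "tok-rw": ("tsecret-rw", "user:42", {"GET", "POST", "PUT", "DELETE"}),
}
# Per-client-type policy: a desktop client cannot protect its Consumer Secret, so
# the container honours only read operations from that client type, whatever the token.
CLIENT_POLICY = {"partner": {"GET", "POST", "PUT", "DELETE"}, "desktop": {"GET"}}


def pct(s):
    # RFC 3986 percent-encoding as required by OAuth 1.0 (only unreserved chars kept)
    return urllib.parse.quote(str(s), safe="-._~")


def base_string(method, url, params):
    # OAuth 1.0 signature base string: METHOD & enc(normalized URL) & enc(sorted params).
    parts = urllib.parse.urlsplit(url)
    norm_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    query = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
    items = sorted((pct(k), pct(v)) for k, v in list(params.items()) + query)
    norm_params = "&".join(f"{k}={v}" for k, v in items)
    return "&".join([method.upper(), pct(norm_url), pct(norm_params)])


def sign(method, url, params, consumer_secret, token_secret):
    # HMAC-SHA1 over the base string, keyed with enc(consumer_secret)&enc(token_secret)
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def signed_request(method, url, consumer_key, token, nonce, ts):
    # Client side: build the oauth_* parameter set a Consumer would send.
    csecret, _ = CONSUMERS[consumer_key]
    tsecret, _, _ = TOKENS[token]
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(ts),
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign(method, url, params, csecret, tsecret)
    return params


class Container:
    def __init__(self):
        self.seen_nonces = set()  # (consumer, token, nonce) already accepted

    def authorize(self, method, url, oauth_params, body=b"", now=None):
        """Return (True, user_id) or (False, reason). `body` is deliberately
        unused: the OAuth 1.0 signature does not cover a non-form entity body."""
        now = time.time() if now is None else now
        ck = oauth_params.get("oauth_consumer_key")
        tk = oauth_params.get("oauth_token")
        if ck not in CONSUMERS or tk not in TOKENS:
            return (False, "unknown consumer or token")
        csecret, ctype = CONSUMERS[ck]
        tsecret, user, allowed = TOKENS[tk]
        # Replay protection: bounded timestamp skew plus single-use nonce per consumer/token.
        if abs(now - int(oauth_params.get("oauth_timestamp", "0"))) > 300:
            return (False, "stale timestamp")
        nonce_key = (ck, tk, oauth_params.get("oauth_nonce"))
        if nonce_key in self.seen_nonces:
            return (False, "nonce replayed")
        unsigned = {k: v for k, v in oauth_params.items() if k != "oauth_signature"}
        expected = sign(method, url, unsigned, csecret, tsecret)
        if not hmac.compare_digest(expected, oauth_params.get("oauth_signature", "")):
            return (False, "bad signature")
        self.seen_nonces.add(nonce_key)
        # Policy: the token's own scope first, then what this client type may do at all.
        if method.upper() not in allowed:
            return (False, "token not scoped for this operation")
        if method.upper() not in CLIENT_POLICY[ctype]:
            return (False, "operation not allowed for this client type")
        return (True, user)
```

Because `authorize` never looks at `body`, a valid signature on a POST still admits a request whose JSON body was altered in transit, which is exactly why the text asks for SSL on sensitive traffic; a container that wants body integrity without relying on transport security has to require an extension such as the OAuth Request Body Hash (oauth_body_hash) parameter and check it explicitly.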
