Groups
Groups
Sign in
Groups
Groups
oz-protocol
Conversations
About
Send feedback
Help
oz-protocol
Contact owners and managers
1–30 of 31
Discussion about OZ, a web authorization protocol developed at:
https://github.com/
hueniverse/oz
Mark all as read
Report group
0 selected
Eran Hammer
5/25/13
List closing
I've been finding Github issues a much more effective way to communicate regarding the
unread,
List closing
I've been finding Github issues a much more effective way to communicate regarding the
5/25/13
Jonathan Rudenberg
5/22/13
Concise Hawk Doc
I've put together a concise description[1] of the Hawk algorithms (as I understand them). This is
unread,
Concise Hawk Doc
I've put together a concise description[1] of the Hawk algorithms (as I understand them). This is
5/22/13
Jonathan Rudenberg
5/13/13
Hawk implementations in Go and Ruby
Tent[1] v0.3 will be adopting Hawk for authentication, so we've implemented it in Ruby[2] and Go[
unread,
Hawk implementations in Go and Ruby
Tent[1] v0.3 will be adopting Hawk for authentication, so we've implemented it in Ruby[2] and Go[
5/13/13
Jan Algermissen
5/8/13
Following redirects
Hi all, thinking about 201 and 3xx responses and whether to trust HTTP Location headers, I am curious
unread,
Following redirects
Hi all, thinking about 201 and 3xx responses and whether to trust HTTP Location headers, I am curious
5/8/13
Jan Algermissen
4/28/13
Java port of iron
Hi, for those that do not monitor the github project: There is now a Java port of iron: https://
unread,
Java port of iron
Hi, for those that do not monitor the github project: There is now a Java port of iron: https://
4/28/13
Jan Algermissen
,
Eran Hammer
3
4/25/13
Question on iron encryption salt
On Thursday, April 25, 2013 5:22:16 PM UTC+2, Eran Hammer wrote: Salt size (and other random strings)
unread,
Question on iron encryption salt
On Thursday, April 25, 2013 5:22:16 PM UTC+2, Eran Hammer wrote: Salt size (and other random strings)
4/25/13
Martin Blom
,
Eran Hammer
2
4/13/13
Hawk
Looks like a reasonable way to generate the shared secrets. I did not review the actual method used
unread,
Hawk
Looks like a reasonable way to generate the shared secrets. I did not review the actual method used
4/13/13
Sri Sarma
,
Errol Oz
2
4/12/13
Re: Abridged summary of oz-protocol@googlegroups.com - 1 Message in 1 Topic
Hello everyone, OzGroup.com is for sale, please check it out. Thanks Errol Oz On Thursday, 21
unread,
Re: Abridged summary of oz-protocol@googlegroups.com - 1 Message in 1 Topic
Hello everyone, OzGroup.com is for sale, please check it out. Thanks Errol Oz On Thursday, 21
4/12/13
Eran Hammer
, …
Eugen Tudorancea
5
4/5/13
Progress update
Been buried in hapi work. Good news is that Hawk is not pretty much done. I hope to get to Oz over
unread,
Progress update
Been buried in hapi work. Good news is that Hawk is not pretty much done. I hope to get to Oz over
4/5/13
Eran Hammer
, …
Brian Michel
48
3/23/13
Introductions
Hey I'm Brian Michel, former iOS developer at Comcast, current iOS developer at Urban Outfitters.
unread,
Introductions
Hey I'm Brian Michel, former iOS developer at Comcast, current iOS developer at Urban Outfitters.
3/23/13
Eran Hammer
, …
Robertis Tongbram
12
2/28/13
Setting course
>> Everything is an app, and it's hard to layer multiple apps that can't be faked by
unread,
Setting course
>> Everything is an app, and it's hard to layer multiple apps that can't be faked by
2/28/13
justin kruger
2/20/13
[Article] How we hacked Facebook with OAuth2 and Chrome bugs
http://homakov.blogspot.com/2013/02/hacking-facebook-with-oauth2-and-chrome.html I don't kn ow if
unread,
[Article] How we hacked Facebook with OAuth2 and Chrome bugs
http://homakov.blogspot.com/2013/02/hacking-facebook-with-oauth2-and-chrome.html I don't kn ow if
2/20/13
Coenraad Loubser
2/9/13
Integration with 802.1x?
Just wondering if anyone has gone into the specs and implementations of all the NGH stuff... WISPr
unread,
Integration with 802.1x?
Just wondering if anyone has gone into the specs and implementations of all the NGH stuff... WISPr
2/9/13
Eran Hammer
, …
Kevin Mutyaba
4
1/31/13
OAuth, the good parts
OAuth 1.0 Keep: - Token signing This was quite painful to get right in the past. However, after my
unread,
OAuth, the good parts
OAuth 1.0 Keep: - Token signing This was quite painful to get right in the past. However, after my
1/31/13
Jim McDonald
1/14/13
Hawk for Java
Hi, I've been working on an implementation of Hawk for Java and it's reached the stage where
unread,
Hawk for Java
Hi, I've been working on an implementation of Hawk for Java and it's reached the stage where
1/14/13
Eugen Tudorancea
,
Eran Hammer
2
12/17/12
Concepts and documentation
The short answer is that Oz isn't ready. At this point participation is probably limited to those
unread,
Concepts and documentation
The short answer is that Oz isn't ready. At this point participation is probably limited to those
12/17/12
Antonio Sanso
,
Eran Hammer
3
12/12/12
Encapsulated Tokens
Thanks a lot for your answer Eran. Hawk looks good. Comparing the security consideration of the
unread,
Encapsulated Tokens
Thanks a lot for your answer Eran. Hawk looks good. Comparing the security consideration of the
12/12/12
Eran Hammer
12/10/12
RE: Implementation.
This is pretty much impossible to answer without a fuller understanding of your application and
unread,
RE: Implementation.
This is pretty much impossible to answer without a fuller understanding of your application and
12/10/12
Jan Algermissen
,
Eran Hammer
3
12/4/12
Rationale for Hawk dropping nonces?
Hi Eran, On Friday, November 30, 2012 4:59:05 PM UTC+1, Eran Hammer wrote: Probably going to bring
unread,
Rationale for Hawk dropping nonces?
Hi Eran, On Friday, November 30, 2012 4:59:05 PM UTC+1, Eran Hammer wrote: Probably going to bring
12/4/12
Eran Hammer
11/29/12
RE: ttl and grant expiration
That's clearly a bug… Please open an issue. EH From: oz-pr...@googlegroups.com [mailto:oz-
unread,
RE: ttl and grant expiration
That's clearly a bug… Please open an issue. EH From: oz-pr...@googlegroups.com [mailto:oz-
11/29/12
Jan Algermissen
,
Eran Hammer
2
11/29/12
Roles and protocol endpoints
The roles are simple: Application is the client, the role making API calls. User is the resource
unread,
Roles and protocol endpoints
The roles are simple: Application is the client, the role making API calls. User is the resource
11/29/12
Dan Palmer
,
Eran Hammer
3
11/23/12
Formal Specification and Verification
OAuth 2 stripped down, with OAuth 1 signature protection, optimized for mobile/native. You should be
unread,
Formal Specification and Verification
OAuth 2 stripped down, with OAuth 1 signature protection, optimized for mobile/native. You should be
11/23/12
Tyler Gillies
,
Eran Hammer
3
11/16/12
reference implementation
On 11/16/12 12:56 AM, Eran Hammer wrote: My plan is to finish moving the pieces I have into Oz, then
unread,
reference implementation
On 11/16/12 12:56 AM, Eran Hammer wrote: My plan is to finish moving the pieces I have into Oz, then
11/16/12
Bill Burke
,
Coenraad Loubser
2
11/10/12
Intro Bill Burke
Hi Bill How about listing each of the specific use cases?
unread,
Intro Bill Burke
Hi Bill How about listing each of the specific use cases?
11/10/12
Coenraad Loubser
,
justin kruger
3
11/10/12
Can anyone here give me the 40 000 ft view of the state of the authentication industry?
An identity is a bouquet of authorizations. The bottom line is that your actual name, location and
unread,
Can anyone here give me the 40 000 ft view of the state of the authentication industry?
An identity is a bouquet of authorizations. The bottom line is that your actual name, location and
11/10/12
bobgus
,
Eran Hammer
2
11/8/12
How I got here
Long term (in years) this might make things better, but it will take a while (if ever) for major
unread,
How I got here
Long term (in years) this might make things better, but it will take a while (if ever) for major
11/8/12
François Kooman
11/6/12
Separating authentication and authorization [federated identities]
Hi, I'm very interested in seeing something simpler, stricter and more secure than OAuth 2.0! For
unread,
Separating authentication and authorization [federated identities]
Hi, I'm very interested in seeing something simpler, stricter and more secure than OAuth 2.0! For
11/6/12
Bill Burke
,
Eran Hammer
3
11/6/12
JWS?
Why is it too complex? JWS and JWE are really really simple and there's pretty much code support
unread,
JWS?
Why is it too complex? JWS and JWE are really really simple and there's pretty much code support
11/6/12
Bill Burke
11/5/12
client certs?
Any thought to incorporating SSL with client certs into a security protocol? When client certs are
unread,
client certs?
Any thought to incorporating SSL with client certs into a security protocol? When client certs are
11/5/12
Benjamin Goering
, …
Troy Howard
3
11/2/12
Can you tell us about oz?
I agree with that mentality. As long as the current state of code-writing is viewed as being
unread,
Can you tell us about oz?
I agree with that mentality. As long as the current state of code-writing is viewed as being
11/2/12
