Re: WGLC #348: Realms and scope

On 3 June 2012 22:16, Manger, James H <James.H.Manger@team.telstra.com> wrote:
> Could we mention the best mitigation strategy (using a phishing-resistant authentication scheme that does not expose the client credentials in the protocol), instead of the strategy of restricting access to the "Authorization" value (which makes it hard to deploy better authentication schemes that need access to this header).

That would be great, if one existed.  Can you provide a citation for
an example? ;)

Received on Monday, 4 June 2012 18:28:39 UTC