BK Comments 12.2.2

Issue #99 resolved
Nat Sakimura repo owner created an issue
Section 12.2.2

   Even if the protected resource does not include a personally
   identifiable information, it is sometimes possible to identify the
   user through the Request Object URI if persistent per-user Request
   Object URI is used.  A third party may observe it through browser

nit: need an article for "persistent per-user Request Object URI" (or
make it plural, as "URIs are used").

   Therefore, per-user Request Object URI should be avoided.

nit: I think this is better as "static per-user Request Object URIs".
