Return-Path: 
 <amber-dev-return-1024-apmail-incubator-amber-dev-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-amber-dev-archive@minotaur.apache.org
Delivered-To: apmail-incubator-amber-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id D3104DCED
	for <apmail-incubator-amber-dev-archive@minotaur.apache.org>;
 Fri, 27 Jul 2012 09:38:56 +0000 (UTC)
Received: (qmail 73919 invoked by uid 500); 27 Jul 2012 09:38:56 -0000
Delivered-To: apmail-incubator-amber-dev-archive@incubator.apache.org
Received: (qmail 73784 invoked by uid 500); 27 Jul 2012 09:38:52 -0000
Mailing-List: contact amber-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:amber-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:amber-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:amber-dev@incubator.apache.org>
List-Id: <amber-dev.incubator.apache.org>
Reply-To: amber-dev@incubator.apache.org
Delivered-To: mailing list amber-dev@incubator.apache.org
Received: (qmail 73749 invoked by uid 99); 27 Jul 2012 09:38:51 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Jul 2012 09:38:51 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of simone.tripodi@gmail.com
 designates 74.125.83.47 as permitted sender)
Received: from [74.125.83.47] (HELO mail-ee0-f47.google.com) (74.125.83.47)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Jul 2012 09:38:47 +0000
Received: by eekb57 with SMTP id b57so519121eek.6
        for <amber-dev@incubator.apache.org>;
 Fri, 27 Jul 2012 02:38:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:date:x-google-sender-auth:message-id:subject
         :from:to:content-type;
        bh=Y2Pg7wM5Smq+QBJ/PB6FHDrFrBhlyHl/ZcFxTTcMa8o=;
        b=stazoOv/I11nSyaDORFjkOD8qSWEujDEp+rn+QMRPuDRVhEXzCN1fOtnSI/DzHoC+i
         4Whjhz8rMbSL9iWpr2j3ra6TIb+JnWAzjU1KlJ0Zj2qQOF1wi9cMSZSoK8Pyirg/Js2N
         6FuUz+oFqUgKulgZcNjJoQGq+83hAIXmn6nu2OGUXTANmV8LdiIexd8rXeXD3fi5nKK6
         AjXiOzVMMpowicjtVi/c2T8XGA4t5fBja5njwirPlgDz3lMutM3TgsEsDdJbin/MgH8o
         3vsK3zQLeOSApEHXjQ5bxeAhsZVYp/HU9OC6KLwr4bCArgQwQd5Knrx/8kloqCyd+Mxb
         LHAA==
MIME-Version: 1.0
Received: by 10.14.202.69 with SMTP id c45mr1995337eeo.4.1343381906054; Fri,
 27 Jul 2012 02:38:26 -0700 (PDT)
Sender: simone.tripodi@gmail.com
Received: by 10.14.204.71 with HTTP; Fri, 27 Jul 2012 02:38:26 -0700 (PDT)
Date: Fri, 27 Jul 2012 11:38:26 +0200
X-Google-Sender-Auth: SNsDsFGo9PgYm1YGjK7jlQaV08o
Message-ID: 
 <CAAqLGLP7_Mm5hECGjx_vBpxiC0yGKBUQadAfDv5gZ1=ngw707Q@mail.gmail.com>
Subject: OAuth2 and "the road to hell"
From: Simone Tripodi <simonetripodi@apache.org>
To: amber-dev@incubator.apache.org
Content-Type: text/plain; charset=UTF-8
X-Virus-Checked: Checked by ClamAV on apache.org

Hi all amber mates,

a close fiend of mine just pointed me to the Eran Hammer's (one of the
main of OAuth spec author) blog post[1] which is a little worrying for
our world...

have a nice reading, all the best,
-Simo

[1] http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

http://people.apache.org/~simonetripodi/
http://simonetripodi.livejournal.com/
http://twitter.com/simonetripodi
http://www.99soft.org/