author: Lars Wirzenius <liw@liw.fi> 2019-03-31 18:50:47 +0300
committer: Lars Wirzenius <liw@liw.fi> 2019-03-31 18:50:47 +0300
commit: c3fb1165df74aa3e3a8ce18983f4c05721632780 (patch)
tree: 887661f48fb78a25d5b65f758cfc4b9eaa459f15
parent: c26ee73aafd211365b3b8bb51ca4466887c9617e (diff)
Add: note the browser is insecure
-rw-r--r-- yuck.mdwn 4
1 files changed, 3 insertions, 1 deletions
diff --git a/yuck.mdwn b/yuck.mdwn
index 3c81250..472504b 100644
--- a/yuck.mdwn
+++ b/yuck.mdwn
@@ -230,7 +230,9 @@ authentication.
to authenticate themselves).
* The facade holds the access token on behalf of an authenticated end
- user.
+ user. The access token can't be given to the browser, since the
+ browser can't be assumed to be highly secure, from the point of view
+ of the relying party.
* The facade talks to a backend, giving it the user's access token as
proof of authentication and authorization.
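
Review bot: the sentence added to the "facade holds the access token" bullet says the token can't be given to the browser, but it does not say what the browser holds instead so that the facade can match an incoming request to the token it keeps for that end user. Suggest adding a clause for that, or a pointer to the section that covers it, so the bullet stands on its own. The reason given, "can't be assumed to be highly secure", is also vague; naming the concern (for example, that the relying party has no control over what runs in the browser) would make the constraint easier to check against a design. The trailing "from the point of view of the relying party" would read more clearly at the start of the clause, and the commit message's "the browser is insecure" is a stronger claim than the text, which only says security can't be assumed.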