On 2018-02-01 14:59, Hannes Tschofenig wrote:
> the Client Token is a new mechanism in the ACE-OAuth that aims to solve
> a scenario where the Client does not have connectivity to the
> Authorization Server to obtain an access token while the Resource Server
>
> The solution is therefore for the Client to use the Resource Server to
> relay messages to the Authorization Server.
>
> While this sounds nice it does not follow the OAuth model and we, at
> ARM, have not seen anyone requesting this feature.
>
> In summary, I am again requesting that the Client Token functionality is
> removed from the ACE-OAuth draft.

I agree that interest for this use case has been lukewarm at most in the
WG. I will remove that feature from the draft in the next update.
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51