On 12/12/2018 10:33, Stefanie Gerdes wrote:
Hi again,

I have one additional comment to ace-oauth-17:

Section 5.8.1 recommends that RS stores only one token per key and that
existing tokens are overwritten by new tokens. I wonder how the RS knows
which token is the most recent. I don't think the expiration time helps
in this case because it should be possible for the AS to
provide a token that expires earlier than the previous token.


Best regards
Steffi


"Recent" here is meant as "most recently received". That is something the RS definitely can track.

/Ludwig

--
Ludwig Seitz, PhD
Security Lab, RISE
Phone +46(0)70-349 92 51

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
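
The two replacement policies discussed in this thread, as an added example that is not part of the original messages or of the draft: an RS keeping one token per key, replacing either by receipt order or by expiration time. The class and function names, the simplified `kid`/`scope`/`exp` token fields and the sample tokens are assumptions constructed for illustration.

```python
class TokenStore:
    """One token per proof-of-possession key; the policy decides which survives."""

    def __init__(self, policy):
        self.policy = policy   # "latest_received" or "latest_exp" (hypothetical names)
        self._by_key = {}      # kid -> token currently held for that key

    def submit(self, token, now):
        """Handle a newly received token; return True if it is now stored."""
        if token["exp"] <= now:
            return False       # already expired on arrival, never stored
        held = self._by_key.get(token["kid"])
        if (self.policy == "latest_exp" and held is not None
                and held["exp"] > now and held["exp"] >= token["exp"]):
            return False       # expiry-based policy keeps the longer-lived token
        # Receipt-order policy: whatever arrived last overwrites, no clock comparison
        self._by_key[token["kid"]] = token
        return True

    def scope_for(self, kid, now):
        """Scope currently granted to the key, or None if no valid token is held."""
        held = self._by_key.get(kid)
        if held is None or held["exp"] <= now:
            self._by_key.pop(kid, None)   # drop the expired entry
            return None
        return held["scope"]


def replay_scenario(policy):
    """Constructed sequence: a wide token, then a narrower one that expires earlier."""
    store = TokenStore(policy)
    first = {"kid": "key-1", "scope": "read write", "exp": 1000}
    second = {"kid": "key-1", "scope": "read", "exp": 500}
    store.submit(first, now=100)
    store.submit(second, now=200)
    # Scope seen while both tokens are unexpired, and after the second has expired
    return store.scope_for("key-1", now=300), store.scope_for("key-1", now=600)


if __name__ == "__main__":
    for policy in ("latest_received", "latest_exp"):
        print(policy, replay_scenario(policy))
```

With receipt-order replacement the narrower, shorter-lived token takes effect and access ends when it expires; with expiry-based replacement the RS silently keeps the older, wider token.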
