Re: [OAUTH-WG] Few questions about HOTK

Fri, 21 Dec 2012 07:53:16 -0800 

I want to argue to change that.  I think they should be separate and that the 
full token type definitiuon should be removed, defining only the key assertion. 
 ANY token that needs signing by the client could be an HOK token.


________________________________
 From: "[email protected]" <[email protected]>
To: William Mills <[email protected]> 
Cc: "<[email protected]>" <oauth,[email protected]>; SergeyBeryozkin 
<[email protected]> 
Sent: Thursday, December 20, 2012 11:46 PM
Subject: Re: Re: [OAUTH-WG] Few questions about HOTK
 


[email protected] 写于 2012-12-21 13:30:08:

> MAC and HOTK describe different properties of a token, and could 
> both be used in the same token.  MAC specifies a basic format
for a 
> signed token payload and transaction.  HOTK defines part of a
token 
> payload.  HOTK payload can be carried in a MAC token. 
> 
> -bill 

HOTK and MAC are different token types, how can they
be used in the same token? 
What whould the token type be then?  

MAC and HOTK-SK are really very similar, they are
actually alternative solutions to each other.  
The meaning is HOTK is more high level.  
> 
> From: Sergey Beryozkin <[email protected]>
> To: "<[email protected]>" <[email protected]> 
> Sent: Thursday, December 20, 2012 1:49 PM
> Subject: [OAUTH-WG] Few questions about HOTK 
> 
> Hi Hannes, others,
> 
> I'd like to understand what is the difference between HOTK Symmetric
> [1] and MAC [2].
> 
> I'm reading about HOTK Symmetric and JWS profile and it seems like 
> HOTK Symmetric text can support MAC.
> 
> My main question at the moment: does HOTK (Symmetric) offer an 
> alternative to MAC or is HOTK actually a higher-level token scheme 
> which can support different types of tokens ?
> 
> thanks, Sergey
> 
> [1] http://tools.ietf.org/html/draft-tschofenig-oauth-hotk-01
> [2] http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-02
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to