Re: [OAUTH-WG] Few questions about HOTK

Fri, 21 Dec 2012 08:00:09 -0800 

On 21/12/12 15:54, William Mills wrote:

No, MAC as I'm using it is a MAC token per
http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-02


Sure, what do you mean though when saying
"HOTK payload can be carried in a MAC token." ?


I'm presuming you have in mind the parameters as defined in the draft, 
and specifically I thought it was the 'mac' attribute which is 
effectively a HOTK payload, possibly alongside few other Authorization 
MAC scheme attributes ?


Sergey



------------------------------------------------------------------------
*From:* Sergey Beryozkin <[email protected]>
*To:* William Mills <[email protected]>
*Cc:* "<[email protected]>" <[email protected]>
*Sent:* Friday, December 21, 2012 3:15 AM
*Subject:* Re: [OAUTH-WG] Few questions about HOTK

On 21/12/12 05:30, William Mills wrote:
 > MAC and HOTK describe different properties of a token, and could both be
 > used in the same token. MAC specifies a basic format for a signed token
 > payload and transaction. HOTK defines part of a token payload. HOTK
 > payload can be carried in a MAC token.

Speaking of MAC, are you referring to
"mac" parameter within MAC Authorization payload representing a HOTK
property ?

Cheers, Sergey

 >
 > -bill
 >
 > ------------------------------------------------------------------------
 > *From:* Sergey Beryozkin <[email protected]
<mailto:[email protected]>>
 > *To:* "<[email protected] <mailto:[email protected]>>" <[email protected]
<mailto:[email protected]>>
 > *Sent:* Thursday, December 20, 2012 1:49 PM
 > *Subject:* [OAUTH-WG] Few questions about HOTK
 >
 > Hi Hannes, others,
 >
 > I'd like to understand what is the difference between HOTK Symmetric [1]
 > and MAC [2].
 >
 > I'm reading about HOTK Symmetric and JWS profile and it seems like HOTK
 > Symmetric text can support MAC.
 >
 > My main question at the moment: does HOTK (Symmetric) offer an
 > alternative to MAC or is HOTK actually a higher-level token scheme which
 > can support different types of tokens ?
 >
 > thanks, Sergey
 >
 > [1] http://tools.ietf.org/html/draft-tschofenig-oauth-hotk-01
 > [2] http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-02
 > _______________________________________________
 > OAuth mailing list
 > [email protected] <mailto:[email protected]> <mailto:[email protected]
<mailto:[email protected]>>
 > https://www.ietf.org/mailman/listinfo/oauth
 >
 >




_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth






















					Reply via email to