Nice document. One quick question: in Section 6, on the use of asymmetric keys, it is stated "If the client generates the key pair it includes a fingerprint of the public key (of the SubjectPublicKeyInfo structure, more precisely). The authorization server would include this fingerprint in the access token and thereby bind the asymmetric key pair to the token." However, it's not clear where this fingerprint would go in a JWK. I see a cert fingerprint, but no provision for a public key fingerprint.
What's the intent here?

-cmort

On Thu, Apr 3, 2014 at 1:40 AM, Hannes Tschofenig <[email protected]> wrote:

> Hi all,
>
> as discussed during the last IETF meeting we are re-factoring our
> documents on proof-of-possession. (As a reminder, here is the
> presentation I have during the OAuth meeting:
> http://www.ietf.org/proceedings/89/slides/slides-89-oauth-0.pptx)*
>
> Mike had already posted draft-jones-oauth-proof-of-possession-00 and now
> I have added the architecture document, which provides an overview of
> the different pieces.
>
> Here is the document for you to look at:
> http://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-00
>
> Ciao
> Hannes
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
