The new http://tools.ietf.org/html/draft-jones-jose-jwk-thumbprint-00 
specification defines a way to compute a thumbprint for a JWK (or in fact, any 
key with a defined JWK representation).

                                                            -- Mike

From: OAuth [mailto:[email protected]] On Behalf Of Chuck Mortimore
Sent: Saturday, April 12, 2014 6:09 PM
To: Hannes Tschofenig
Cc: [email protected]
Subject: Re: [OAUTH-WG] Proof-of-Possession (PoP) Architecture Document

Nice document.   One quick question

In Section 6, on the use of asymmetric keys, it is stated "If the client 
generates the key pair it includes a fingerprint of the public key (of the 
SubjectPublicKeyInfo structure, more precisely).  The authorization server 
would include this fingerprint in the access token and thereby bind the 
asymmetric key pair to the token."   However, it's not clear where this 
fingerprint would go in a JWK.   I see a cert fingerprint, but no provision for 
a public key fingerprint.

What's the intent here?

-cmort


On Thu, Apr 3, 2014 at 1:40 AM, Hannes Tschofenig 
<[email protected]> wrote:
Hi all,

as discussed during the last IETF meeting we are re-factoring our
documents on proof-of-possession. (As a reminder, here is the
presentation I gave during the OAuth meeting:
http://www.ietf.org/proceedings/89/slides/slides-89-oauth-0.pptx)

Mike had already posted draft-jones-oauth-proof-of-possession-00 and now
I have added the architecture document, which provides an overview of
the different pieces.

Here is the document for you to look at:
http://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-00

Ciao
Hannes


_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
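
The thumbprint computation referred to at the top of this thread, as an added example that is not part of the original messages or of the draft. It follows the rules of RFC 7638, the later published form of the JWK thumbprint work (treating the -00 draft as equivalent is an assumption); the sample key values and the `key_matches` helper are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Members that feed the hash, per key type (RFC 7638, section 3.2).
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "oct": ("k", "kty"),
}

def canonical_jwk(jwk: dict) -> bytes:
    """Return the hash input: required members only, sorted, no whitespace."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported kty: {kty!r}")
    subset = {}
    for name in REQUIRED_MEMBERS[kty]:
        value = jwk.get(name)
        if not isinstance(value, str) or not value:
            raise ValueError(f"missing or non-string member: {name}")
        subset[name] = value
    # sort_keys gives lexicographic member order; separators drop all whitespace.
    text = json.dumps(subset, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False)
    return text.encode("utf-8")

def jwk_thumbprint(jwk: dict, hash_name: str = "sha256") -> str:
    """base64url (unpadded) digest of the canonical JWK."""
    digest = hashlib.new(hash_name, canonical_jwk(jwk)).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def key_matches(bound_thumbprint: str, presented_jwk: dict) -> bool:
    """Hypothetical resource-server check: does the presented public key
    match the thumbprint the authorization server bound to the token?"""
    actual = jwk_thumbprint(presented_jwk).encode("utf-8")
    return hmac.compare_digest(bound_thumbprint.encode("utf-8"), actual)

# Constructed sample key: x and y are placeholder strings, not a real curve point.
SAMPLE_JWK = {
    "kty": "EC", "crv": "P-256", "kid": "client-key-1", "use": "sig",
    "x": "Y29uc3RydWN0ZWQteC12YWx1ZQ", "y": "Y29uc3RydWN0ZWQteS12YWx1ZQ",
}

if __name__ == "__main__":
    print(canonical_jwk(SAMPLE_JWK).decode())
    print(jwk_thumbprint(SAMPLE_JWK))
```

Because optional members such as `kid` and `use` are excluded and member order is fixed, two serializations of the same public key always yield the same thumbprint, which is what lets a token be bound to the key rather than to one particular JWK document.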
