If we can reference individual drafts then https://datatracker.ietf.org/doc/draft-bradley-oauth-pop-key-distribution/ is an example of encryption to the client by the AS in sec 4.2.
If we want to reference an encryption example. I think signing is covered by the assertion reference. John B. On Jul 14, 2014, at 2:36 PM, Hannes Tschofenig <[email protected]> wrote: > Hi Mike, > > there is no problem referencing an individual draft particularly when > that reference gives some hint about how the stuff is used (particularly > when the referenced document might be a working group draft at the time > when the dynamic client registration document gets published as an RFC). > > In this specific case I haven't even thought about that > draft-sakimura-oauth-requrl-05... > > Ciao > Hannes > > On 07/14/2014 07:59 PM, Mike Jones wrote: >> I'm not suggesting that we reference it. We reference JWT using the >> language I already provided. I was just giving you another example of a >> signed JWT sent to the authorization server, since you couldn't think of any >> off the top of your head. >> >> -----Original Message----- >> From: Hannes Tschofenig [mailto:[email protected]] >> Sent: Monday, July 14, 2014 10:57 AM >> To: Mike Jones; Brian Campbell; John Bradley >> Cc: [email protected] >> Subject: Re: [OAUTH-WG] Dynamic Client Registration: jwks / jwks_uri >> >> That would then be a reference to an individual draft ;-) >> >> On 07/14/2014 07:55 PM, Mike Jones wrote: >>> One example is when used as a signed request to the authorization server, >>> as is done in http://tools.ietf.org/html/draft-sakimura-oauth-requrl-05. >> > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
