I don't see any notes posted here <[email protected]>
In case it is helpful, I was taking personal notes mostly from the Token Binding perspective, and noted..
* it seems that oauth folk will need to write their own oauth token binding spec rather than re-use the -tokbind-https spec [1] * it may be the case that the semantics are equivalent to referred_token_binding type and so there may be no need to invent a new TBType * we ought to explain better in -tokbind-protocol [2] the separation of the proof-of-possesion & the allocation of Token Binding IDs (TBIDs), and the incorporation of TBIDs in app-layer objects, eg OAuth tokens, HTTP cookies, etc. HTH, =JeffH [1] https://tools.ietf.org/html/draft-ietf-tokbind-https [2] https://tools.ietf.org/html/draft-ietf-tokbind-protocol _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
