> Am 09.11.2017 um 04:42 schrieb Brian Campbell <[email protected]>: > > There is no special reason for the > "mutual_tls_sender_constrained_access_tokens" name that I'm aware of. I > believe Torsten chose the name and based it off of language in the draft. > While "certificate_bound_access_tokens" does sound somewhat more natural, I'm > hesitant to change it at this point. Unless there's support/consensus from > the WG to make the change?
I choose „sender" because this is the terminology John and I use in https://tools.ietf.org/html/draft-ietf-oauth-security-topics-03#section-4.4.1.2 <https://tools.ietf.org/html/draft-ietf-oauth-security-topics-03#section-4.4.1.2> to describe a certain kind of mechanisms for token phishing prevention. I’m fine with using „certificate“ instead of „sender“ in this spec as the more precise term. I feel we need to keep a suitable prefix to indicate the connection to mutual tls or tls client auth, respectively, but I’m not bound to it.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
