> Am 09.11.2017 um 04:42 schrieb Brian Campbell <[email protected]>:
> 
> There is no special reason for the 
> "mutual_tls_sender_constrained_access_tokens" name that I'm aware of. I 
> believe Torsten chose the name and based it off of language in the draft. 
> While "certificate_bound_access_tokens" does sound somewhat more natural, I'm 
> hesitant to change it at this point. Unless there's support/consensus from 
> the WG to make the change?

I choose „sender" because this is the terminology John and I use in 
https://tools.ietf.org/html/draft-ietf-oauth-security-topics-03#section-4.4.1.2 
<https://tools.ietf.org/html/draft-ietf-oauth-security-topics-03#section-4.4.1.2>
 to describe a certain kind of mechanisms for token phishing prevention. I’m 
fine with using „certificate“ instead of „sender“ in this spec as the more 
precise term. I feel we need to keep a suitable prefix to indicate the 
connection to mutual tls or tls client auth, respectively, but I’m not bound to 
it.


Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to