Why is TLS to the intospection endpoint not sufficient? Are you thinking there needs to be some multi-tenancy support of some kind?
-Brock On 3/18/2018 3:33:16 PM, Torsten Lodderstedt <[email protected]> wrote: Hi all, I just submitted a new draft that Vladimir Dzhuvinov and I have written. It proposes a JWT-based response type for Token Introspection. The objective is to provide resource servers with signed tokens in case they need cryptographic evidence that the AS created the token (e.g. for liability). I will present the new draft in the session on Wednesday. kind regards, Torsten. Anfang der weitergeleiteten Nachricht: Von: [email protected] [mailto:[email protected]] Betreff: New Version Notification for draft-lodderstedt-oauth-jwt-introspection-response-00.txt Datum: 18. März 2018 um 20:19:37 MEZ An: "Vladimir Dzhuvinov" <[email protected] [mailto:[email protected]]>, "Torsten Lodderstedt" <[email protected] [mailto:[email protected]]> A new version of I-D, draft-lodderstedt-oauth-jwt-introspection-response-00..txt has been successfully submitted by Torsten Lodderstedt and posted to the IETF repository. Name: draft-lodderstedt-oauth-jwt-introspection-response Revision: 00 Title: JWT Response for OAuth Token Introspection Document date: 2018-03-15 Group: Individual Submission Pages: 5 URL: https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-jwt-introspection-response-00.txt [https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-jwt-introspection-response-00.txt] Status: https://datatracker..ietf.org/doc/draft-lodderstedt-oauth-jwt-introspection-response/ [https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-jwt-introspection-response/] Htmlized: https://tools.ietf.org/html/draft-lodderstedt-oauth-jwt-introspection-response-00 [https://tools.ietf.org/html/draft-lodderstedt-oauth-jwt-introspection-response-00] Htmlized: https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-jwt-introspection-response [https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-jwt-introspection-response] Abstract: This draft proposes an additional JSON Web Token (JWT) based response for OAuth 2.0 Token Introspection. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org [http://tools.ietf.org]. The IETF Secretariat
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
