Hi Chairs and WG, Back in Bangkok, we presented the draft https://datatracker.ietf.org/doc/draft-richer-oauth-tmb-claim/ that introduces, in a concrete way, the notion of getting a token bound to a key that you don’t possess. As we discussed, this is a topic that keeps coming up in the OAuth space and is usually dutifully pushed aside for the sake of simplicity (and some would argue sanity).
The chairs mentioned pulling together an interim meeting for the OAuth WG for us to discuss this topic ahead of Madrid, to see if there was anything more we as a community want to do with it. As we’re now more than halfway between the meetings, we wanted to bring that up again and see if that interim can get scheduled soon. I’d also like to encourage people to read through the draft and open the discussion here on the list more. — Justin _______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
