Just one minor note -- this is a great discussion to see happening!
On Tue, Oct 23, 2018 at 04:43:14PM +0200, Ludwig Seitz wrote:
>
> On 22/10/2018 21:09, Jim Schaad wrote:
> > * Section 5.8.2 - If the RS is going to do introspection, can it send some
> > type of "Server Busy - try again in xxx"
I submitted an update of the PoP key distribution document to get it in sync
with what is happening with the ACE OAuth framework.
Ciao
Hannes
From: Hannes Tschofenig
Sent: Tuesday, October 23, 2018 2:19 PM
To: oauth
Subject: draft-ietf-oauth-pop-key-distribution-04
Hi all,
I refreshed the
> -Original Message-
> From: Ludwig Seitz
> Sent: Tuesday, October 23, 2018 7:43 AM
> To: Jim Schaad ; draft-ietf-ace-oauth-
> au...@ietf.org
> Cc: ace@ietf.org
> Subject: Re: [Ace] WGLC for draft-ietf-ace-authz
>
> Hallo Jim,
>
> thank you for the review! Comments inline.
>
>
Hallo Jim,
thank you for the review! Comments inline.
/Ludwig
On 22/10/2018 21:09, Jim Schaad wrote:
* Section 3.1 - Refresh Token - I don't think that refresh tokens are going
to be strings because binary is more efficient.
This refers to the way it is defined in OAuth. I'll add a word to
On 22/10/2018 21:09, Jim Schaad wrote:
Here are my WGLC comments:
* I am not sure that I understand what the protocol flow is when JAR is
being used. Is there a potential case where a JWT would be used as the
structure of an OAuth response? If so then is there a problem with defining
cnf in