Hello Olaf, The AS is supposed to have this information from the registration of the clients and RSs (see Appendix D).
The underlying assumption was that if the AS does not have this information it could not generate the right kind of access tokens anyways (e.g. selecting the right kind of pop-keys, the right kind of COSE wrapper). /Ludwig > I wonder how the AS is supposed to know which ace profiles the client > implements? > > [1] > https://tools.ietf.org/rfcmarkup?doc=draft-ietf-ace-oauth-aut#section-5.6.3 > > Grüße > Olaf _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace