Re: [OAUTH-WG] Microsoft feedback on DPoP during April 2020 IIW session

2020-04-30 Thread David Waite
To add: there was discussion was whether the “htu" parameter should contain scheme/host/port/path, or just scheme/host/port. Dmitri indicated that it would aid their implementation to have the path eliminated. During JTI scale discussions, it was pointed out that some implementations may have

[OAUTH-WG] Microsoft feedback on DPoP during April 2020 IIW session

2020-04-30 Thread Mike Jones
Daniel Fett and David Waite (DW) hosted a great session on OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) at the virtualized IIW this week. Attendees also included Vitto

[OAUTH-WG] (no subject)

2020-04-30 Thread MŌHĀMĀD ĀLĪF ĪMRĀN BĪN MŪSTĀPHĀ
Yes ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] April 27th Interim Meeting Material

2020-04-30 Thread Rifaat Shekh-Yusef
All, You can find this meeting minutes at the following link: https://datatracker.ietf.org/meeting/interim-2020-oauth-06/materials/minutes-interim-2020-oauth-06-202004271200 Thanks to *Jared Jennings *for taking these notes. Regards, Rifaat & Hannes On Sun, Apr 26, 2020 at 5:25 PM Rifaat Shekh

Re: [OAUTH-WG] Second WGLC on "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens"

2020-04-30 Thread Denis
Hello Vittorio, Your reply was amazingly fast. Responses are between the lines. Thanks Denis for the thorough commentary. /> The title of this spec./ Fixed, thanks! /> The client MUST NOT inspect the content of the access token/ This is really a sticky point. I really want to acknowledg