Thanks to those addressing the points I missed during the meeting!
ᐧ
On Mon, Nov 30, 2020 at 3:15 PM Rifaat Shekh-Yusef
wrote:
> All,
>
> You can find the minutes of the *DPoP* meeting here:
>
>
All,
You can find the minutes of the *DPoP* meeting here:
https://datatracker.ietf.org/meeting/interim-2020-oauth-16/materials/minutes-interim-2020-oauth-16-202011301200-01
and here:
https://codimd.ietf.org/notes-ietf-interim-2020-oauth-16-oauth?view
Thanks to *Dick Hardt* for taking these
Hi Denis,
The choice to use "iat" vs. "exp" was made in the summer of last year. You
can see some of the discussion from then in
https://github.com/danielfett/draft-dpop/issues/38. I believe it pretty
well has consensus at this point and thus unlikely to be changed.
While I do believe there are
Pushing this to the top of the stack in case there is interest in
separating the binding mechanism from the RT / AT so that existing RTs /
ATs can be used.
ᐧ
On Fri, Nov 6, 2020 at 2:12 PM Dick Hardt wrote:
> Hello
>
> After reviewing the DPoP spec, and reflecting on implementations I have
>
One comment on slide 5 about the /time window/.
At the bottom, on the left, it is written: "Only valid for a limited
/time window/ relative to creation time".
While the creation time is defined by "iat", the /time window/ is
currently left at the discretion of each RS.
It would be