perrylynd...@protonmail.com___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Hi All,
Thank you very much for the constructive feedback.
We have tried to address the WGLC comments received to date with the latest
draft published at
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwk-thumbprint-uri-01.
Following are updates made to the document:
- Added security co
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : JWK Thumbprint URI
Authors : Michael B. Jones
Kristina Yasuda
Fi
This (more or less) has come up again in the from of a github issue:
https://github.com/danielfett/draft-dpop/issues/105 and it has me sort of
maybe reconsidering the idea of introducing some kind of client metadata
that indicates that the client will always do DPoP. So I wanted to bring it
up agai
As part of the preparation for the shepherd write-up, I reviewed the
document and have the following comments:
https://www.ietf.org/archive/id/draft-ietf-oauth-security-topics-19.html
General comment
The document refers to a number of drafts that are not active anymore,
e.g., token binding, pop
