Hello,
A recent thread on the JOSE mailing list reminded me of how parsing JSON
strings when not required can lead to scenarios where an attacker can
exploit a vulnerable JSON parser, possibly before verification occurs... as
tokens can sometimes be the first untrusted user input processed by

Hi all,
Mike and I took some time to categorize all the feedback on the Protected
Resource Metadata on the mailing list and moved them to GitHub:
https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues
Feel free to chime in on any of the threads there. We will be addressing
the