Re: [OAUTH-WG] Digest for DPoP

2021-02-19 Thread Brian Campbell
Hi Roberto, The SHMIP draft is in the OIDF's FAPI repository https://bitbucket.org/openid/fapi/src/master/ and the mailing list is https://lists.openid.net/mailman/listinfo/openid-specs-fapi The

Re: [OAUTH-WG] Digest for DPoP

2021-02-19 Thread Roberto Polli
Hi @all, I'm planning to read those I-Ds as they might be useful in a project, and I'm happy to provide feedback on digest usage. In general, when building protocols over HTTP it is necessary to take into account the semantics (e.g. range requests, caching, ...) because reverse proxies, WAF and api

Re: [OAUTH-WG] Digest for DPoP

2021-02-19 Thread Brian Campbell
My inclination is to keep digest[1] out of the base DPoP document. I do believe that including it would add unneeded complexity to regular old DPoP (there are some subtleties around digest that make it more complicated than one might expect) and, from a design philosophy perspective, DPoP has

[OAUTH-WG] Digest for DPoP

2021-02-17 Thread Justin Richer
Two different specifications (GNAP and FAPI signatures) have recently profiled DPoP to use its signature method to protect a different kind of protocol entirely. One thing these methods have in common is that they both define an additional field for holding a digest of the HTTP Message Body: