Hi all Following the virtual interim meeting discussion last week about "OAuth Proof of Possession Tokens with HTTP Message Signature" my main concern is about the unclear boundary between draft-ietf-oauth-dpop<https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/> and the OAuth Proof of Possession Tokens with HTTP Message Signature solution and the resulting confusion by developers.
Several active working group participants have in the past expressed concerns about the confusion our specification create in the developer community. Having two (or more) solutions that offer the same or similar functionality will for sure lead to confusion. If the group could come up with a description of when to use what solution that would be valuable. At the conference call there was a disagreement between Brian and Justin about where that boundary is. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth