The second paragraph of
https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-03#section-3
now provides a more general description of ways that applications may choose to
identify the presenter, including use of the “azp” (authorized party) claim.
+1
The JWT may well be about the sub but presented by some software component
that should be independently identified.
On Mon, Mar 23, 2015 at 2:25 AM, Nat Sakimura sakim...@gmail.com wrote:
Re:
https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3
I understand the
+1
sounds reasonable to distinguish the software and the user.
On 23 March 2015 08:25:13 CET, Nat Sakimura sakim...@gmail.com wrote:
Re:
https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3
I understand the use of sub in this section comes down from SAML but I feel
Re:
https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3
I understand the use of sub in this section comes down from SAML but I feel
that some separation between sub and presenter would be nice.
For example, when I am presenting the token using an app that I installed
on