Re: [OAUTH-WG] Resource Indicators - IPR Disclosure

2019-01-07 Thread Brian Campbell
I am not aware of any IPR related to this document. On Fri, Jan 4, 2019 at 8:43 AM Rifaat Shekh-Yusef wrote: > Authors, > > As part of the write-up for the Resource Indicators document, we need an > IPR disclosure from all of you. > > Are you aware of any IPR related to the following Resource

Re: [OAUTH-WG] MTLS and in-browser clients using the token endpoint

2019-01-07 Thread Brian Campbell
I don't honestly know for sure but I suspect that employees of big corporations will likely have keys/certs on their devices/machines that are issued by some internal CA and provisioned to them automatically (and in many cases without the user knowing and/or understanding that they are there and

Re: [OAUTH-WG] Resource Indicators Implementations

2019-01-07 Thread Filip Skokan
OSS https://github.com/panva/node-oidc-provider has the latest draft implemented. And similar to Ping, Auth0 also has a differently named parameter ('audience') that works within the Resource Indicators draft boundaries. Best, *Filip* On Mon, Jan 7, 2019 at 6:48 PM Brian Campbell wrote: > Ping

Re: [OAUTH-WG] Resource Indicators Implementations

2019-01-07 Thread Brian Campbell
Ping has an implementation that was done years ago but using a different parameter name (see 'aud' at https://documentation.pingidentity.com/pingfederate/pf92/index.shtml#adminGuide/tokenEndpoint.html for one example). So it's not this exact draft per se but is conceptually the same. And problems

Re: [OAUTH-WG] MTLS and in-browser clients using the token endpoint

2019-01-07 Thread Neil Madden
Thinking about this, given that this is the *token* endpoint that clients talk to directly, not the *authorize* endpoint, it seems already possible for the AS to put it on a different port/host so that users aren’t ever prompted for a cert. Right? — Neil > On 7 Jan 2019, at 17:21, Brian

Re: [OAUTH-WG] MTLS and in-browser clients using the token endpoint

2019-01-07 Thread Filip Skokan
I think we shouldn't make a sweeping assumption that may potentially harm UX for end-users. Even if for a small percentage. Though I can say for sure this percentage may also be rather significant depending on the types of services end-users have encountered in the past and made them install certs.