I support Steffi's suggestion (i.e. make it pop-only here and allow non-pop profiles in the framework).
/Ludwig -----Original Message----- From: Stefanie Gerdes <ger...@tzi.de> Sent: den 3 augusti 2020 16:18 To: Seitz Ludwig <ludwig.se...@combitech.se>; Benjamin Kaduk <ka...@mit.edu>; Paul Kyzivat <pkyzi...@alum.mit.edu> Cc: draft-ietf-ace-dtls-authorize....@ietf.org; General Area Review Team <gen-art@ietf.org>; hannes.tschofe...@arm.com Subject: Re: Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12 Hi all, On 08/03/2020 08:21 AM, Seitz Ludwig wrote: >>>> * Also in section 3.3.1: >>>> >>>> ... This >>>> specification assumes that the access token is a PoP token as >>>> described in [I-D.ietf-ace-oauth-authz] unless specifically stated >>>> otherwise. <snip> Since no alternatives to PoP tokens are mentioned in the DTLS profile, I would change this to: "This specification implements access tokens as proof-of-possession tokens". Maybe the framework may add that a profile that uses a different token type must specify how this would work. Viele Grüße Steffi _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art
