That seems reasonable to me. Ludwig, are you able to raise the topic on the ACE list?
Thanks, Ben On Mon, Aug 03, 2020 at 02:21:12PM +0000, Seitz Ludwig wrote: > I support Steffi's suggestion (i.e. make it pop-only here and allow non-pop > profiles in the framework). > > /Ludwig > > -----Original Message----- > From: Stefanie Gerdes <ger...@tzi.de> > Sent: den 3 augusti 2020 16:18 > To: Seitz Ludwig <ludwig.se...@combitech.se>; Benjamin Kaduk <ka...@mit.edu>; > Paul Kyzivat <pkyzi...@alum.mit.edu> > Cc: draft-ietf-ace-dtls-authorize....@ietf.org; General Area Review Team > <gen-art@ietf.org>; hannes.tschofe...@arm.com > Subject: Re: Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12 > > Hi all, > > On 08/03/2020 08:21 AM, Seitz Ludwig wrote: > >>>> * Also in section 3.3.1: > >>>> > >>>> ... This > >>>> specification assumes that the access token is a PoP token as > >>>> described in [I-D.ietf-ace-oauth-authz] unless specifically stated > >>>> otherwise. > > <snip> > > Since no alternatives to PoP tokens are mentioned in the DTLS profile, I > would change this to: "This specification implements access tokens as > proof-of-possession tokens". > > Maybe the framework may add that a profile that uses a different token type > must specify how this would work. > > Viele Grüße > Steffi _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art
