"key confirmed" or "key confirmation" is another term that is widely
used for these use-cases
I really *like* the name "proof of possession", but I think the
acronym PoP is going to be confused with POP. HOTK has the advantage
of not being a homonym for aything else. What about "Possession Proof"?
-bill
--------------------------------
William J. Mills
"Paranoid" MUX Yahoo!
On Thursday, April 3, 2014 1:38 AM, "internet-dra...@ietf.org"
<internet-dra...@ietf.org> wrote:
A new version of I-D, draft-hunt-oauth-pop-architecture-00.txt
has been successfully submitted by Hannes Tschofenig and posted to the
IETF repository.
Name: draft-hunt-oauth-pop-architecture
Revision: 00
Title: OAuth 2.0 Proof-of-Possession (PoP) Security Architecture
Document date: 2014-04-03
Group: Individual Submission
Pages: 21
URL:
http://www.ietf.org/internet-drafts/draft-hunt-oauth-pop-architecture-00.txt
Status:
https://datatracker.ietf.org/doc/draft-hunt-oauth-pop-architecture/
Htmlized: http://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-00
Abstract:
The OAuth 2.0 bearer token specification, as defined in RFC 6750,
allows any party in possession of a bearer token (a "bearer") to get
access to the associated resources (without demonstrating possession
of a cryptographic key). To prevent misuse, bearer tokens must to be
protected from disclosure in transit and at rest.
Some scenarios demand additional security protection whereby a client
needs to demonstrate possession of cryptographic keying material when
accessing a protected resource. This document motivates the
development of the OAuth 2.0 proof-of-possession security mechanism.
Please note that it may take a couple of minutes from the time of
submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
