Hi Hannes
On 25/04/14 10:44, Hannes Tschofenig wrote:
> Hi Sergey,
>
> On 04/25/2014 11:38 AM, Sergey Beryozkin wrote:
>> Hopefully PoP model will not be made exclusive for JWT only, it won't be
>> very OAuth2 friendly IMHO...
>
> Note that draft-richer-oauth-signed-http-request-01 doesn't use JWTs. It
> just uses a JSON-based encoding of the parameters. I put a strawman
> proposal into the document.
>
> For the access token there is also no requirement to use JWTs. The use
> of a reference only (in combination with the token introspection) is one
> possible deployment option (which I still need to add to the overview
> document; I put an editor's note in the version of the document I
> submitted today).

Thanks for the clarifications, actually,
draft-richer-oauth-signed-http-request-01 is quite cool, perhaps we will
see the document in time for using JWE for encrypting HTTP payloads too.
Looks like OAuth2 is going to affect a lot the way HTTP communications
are done in the future.
Cheers, Sergey
> Ciao
> Hannes
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth