The editors have published draft-ietf-oauth-proof-of-possession-03<https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-03>, which addresses the working group last call comments received. Thanks to all of you who provided feedback. The changes were:
* Separated the jwk and jwe confirmation members; the former represents a public key as a JWK and the latter represents a symmetric key as a JWE encrypted JWK. * Changed the title to indicate that a proof-of-possession key is being communicated. * Updated language that formerly assumed that the issuer was an OAuth 2.0 authorization server. * Described ways that applications can choose to identify the presenter, including use of the iss, sub, and azp claims. * Harmonized the registry language with that used in JWT [RFC 7519<http://tools.ietf.org/html/rfc7519>]. * Addressed other issues identified during working group last call. * Referenced the JWT and JOSE RFCs. The updated specification is available at: * https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-03 An HTML formatted version is also available at: * http://self-issued.info/docs/draft-ietf-oauth-proof-of-possession-03.html -- Mike P.S. This note was also published at http://self-issued.info/?p=1406 and as @selfissued.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
