+1 for the diagrams making the document more understandable. One little nit/question, step 1 in both Symmetric and Asymmetric keys shows the Presenter sending the key to the Issuer. It's possible, however, for the key to be sent the other way. Presenter sending it to the Issuer is probably preferred for asymmetric, especially if the client can secure the private keys in hardware. But I don't know if one way or the other is clearly better for symmetric case and PoP key distribution currently has it the other way <https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-02#section-4.2>. Should the intro text somehow mention the possibility that the Issuer could create the key and send it to the Presenter?
I know it's only the introduction but it was just something that jumped out at me. <https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-02#section-4.2> On Wed, Nov 4, 2015 at 9:04 AM, Mike Jones <michael.jo...@microsoft.com> wrote: > Thanks for suggesting the diagrams, Kepeng. They make the document more > understandable. > > -- Mike > ------------------------------ > From: Kepeng Li <kepeng....@alibaba-inc.com> > Sent: 11/5/2015 12:57 AM > To: Mike Jones <michael.jo...@microsoft.com>; oauth@ietf.org > Subject: Re: Proof-of-Possession Key Semantics for JWTs spec addressing > final shepherd comment > > Thank you Mike. > > The diagrams look good to me. > > Kind Regards > Kepeng > > 发件人: Mike Jones <michael.jo...@microsoft.com> > 日期: Thursday, 5 November, 2015 12:32 am > 至: "oauth@ietf.org" <oauth@ietf.org> > 抄送: Li Kepeng <kepeng....@alibaba-inc.com> > 主题: Proof-of-Possession Key Semantics for JWTs spec addressing final > shepherd comment > > Proof-of-Possession Key Semantics for JWTs draft -06 addresses the > remaining document shepherd comment – adding use case diagrams to the > introduction. > > > > The updated specification is available at: > > · > http://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-06 > > > > An HTML formatted version is also available at: > > · > https://self-issued.info/docs/draft-ietf-oauth-proof-of-possession-06.html > > > > -- Mike > > > > P.S. This note was also posted at http://self-issued.info/?p=1471 and as > @selfissued <https://twitter.com/selfissued>. > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
