So, I have finally started to put the tip of my foot into IoT world and so I have no actual product or service, but PoP keys for CWT should be useful for severely constrained devices. We have seen so many instances of token interception and replay in IoT sphere. PoP keys in CBOR should help mitigate it.
Nat On Tue, Jun 13, 2017 at 3:19 AM Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote: > Hi all, > > RFC 7800 defines how to communicate Proof of Possession (PoP) keys for > JSON Web Tokens (JWTs) [RFC 7519]. The CBOR Web Token (CWT) > draft-ietf-ace-cbor-web-token spec defines the CBOR/COSE equivalent of > the JSON/JOSE JWT spec. > > The ACE working group is planning to also define a CBOR/COSE equivalent > of RFC 7800 and is interested in knowing how you might use CBOR > proof-of-possession keys for CWTs. > > Please drop us a message if you are using CBOR PoP keys for CWTs. We > would like to learn more about your usage. > > Ciao > Hannes & Kepeng > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- Nat Sakimura Chairman of the Board, OpenID Foundation
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
