* Again, authenticating the *connection* from the RP to the backend services is good, but is completely orthogonal to authenticating the headers themselves.
I strongly disagree. Authenticating the sender allows the receiver to make a trust decision in the provenance and quality of the data it gets from the sender. Do you disagree with that?
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
