Hi all,

as mentioned in the WG interim meeting, there are several ideas floating around of what DPoP actually does.

In an attempt to clarify this, I have unfolded the use cases that I see and written them down in the form of attacks that DPoP defends against:

https://danielfett.github.io/notes/oauth/DPoP%20Attacker%20Model.html

Can you come up with other attacks? Are the attacks shown relevant?

Cheers,
Daniel
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth