FYI - Dominick Baier sent me a note letting me know about his JWT
implementation:
http://leastprivilege.com/2012/05/25/json-web-token-jwt-support-in-thinktecture-identitymodel/
Have a good weekend, everyone!
-- Mike
__
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : OAuth 2.0 Threat Model and Security Considerations
Author(s) : Torsten Lodderstedt
Here are a few minor comments:
The specification does not provide a lot of hints for the client when an
error occurs. For example, Section 4.1.1 only says "invalid_client" if
something goes wrong with the assertion processing in case of client
authentication. The same is true for the authorization gra