Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-00.txt

2014-12-22 Thread Bill Mills
Ah yes, I am remembering vague snatches of that Sunday meeting we had in London. In 3.1 it states you have to use a hash function of equal size to the JWT wrapper's.  Why don't we just specify that the same function must be used? Why include a timestamp explicitly here when we could use the Date h

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-00.txt

2014-12-22 Thread Richer, Justin P.
Yes it did, as part of the PoP suite. It's the current stab at an HTTP presentation mechanism for PoP tokens. -- Justin On Dec 22, 2014, at 11:21 AM, Bill Mills <wmills_92...@yahoo.com> wrote: Did this get adopted as a WG item already and I missed it? On Monday, December 22, 2014 4:3

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-00.txt

2014-12-22 Thread Bill Mills
Did this get adopted as a WG item already and I missed it? On Monday, December 22, 2014 4:33 AM, Justin Richer wrote: That's easy: any headers. That's why the signer specifies which ones. Would be good to have since guidance tough, and examples.  -- Justin / Sent from my phone / -

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-00.txt

2014-12-22 Thread Sergey Beryozkin
Hi, yes, it is obvious for anyone who has read the text carefully :-), sorry for the noise Sergey On 22/12/14 12:33, Justin Richer wrote: That's easy: any headers. That's why the signer specifies which ones. Would be good to have since guidance tough, and examples. -- Justin / Sent from my pho

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-00.txt

2014-12-22 Thread Justin Richer
That's easy: any headers. That's why the signer specifies which ones. Would be good to have since guidance tough, and examples.  -- Justin / Sent from my phone / Original message From: Sergey Beryozkin Date:12/22/2014 7:08 AM (GMT-05:00) To: oauth@ietf.org Cc: Subjec

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-00.txt

2014-12-22 Thread Sergey Beryozkin
Hi Justin, I see a fair bit of interest toward this work now being shown from my colleagues; it would help if the next draft could clarify which HTTP headers can be signed, given it is difficult to get hold of some of the HTTP headers typically created by a low level HTTP transport component. Than