> It is fair to say that the threats and mitigations from bearer tokens also
> apply to PoP tokens. PoP tokens add additional key information that must
> also be protected along with the other information in an access token.
This doesn't really work because for example transport security to pr
While it is good to start with the Connect spec, I would caution on the
assumption of compatibility. More than likely there will be changes based on
broader cases.
I would like to understand these broader requirements, use cases, and security
considerations first.
Phil
> On Nov 27, 2015,
It allows non-Connect implementation of OAuth 2.0 to also have a standard
discovery capability – and one that can later be updated to also support OpenID
Connect with no breaking changes, should that be desired in the future.
-- Mike
Fro
Can you elaborate on the advantage of having a separate parallel spec to OpenID
Discovery?
On Wednesday, November 25, 2015 3:37 PM, Mike Jones
wrote:
I’m pleased to announce that Nat Sakimura, John Bradley,
and I have created an OAuth 2.0 Discovery specification. This fills a hole