Thanks for your review, Hannes. Replies are inline...
-Original Message-
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, August 3, 2016 12:51 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Review of draft-ietf-oauth-amr-values-01
Hi Mike, Phil, Tony
Thanks for your review, William. Draft -02 will address these comments as
follows:
1. Added section number, as suggested.
2. Moved copy of “amr” definition into Introduction, separating it from the
Values section. I agree that that makes the specification more readable.
Thanks for your question, Vladimir. No, there is not currently an
X.509-specific value defined. However, there are these related values:
hwk
Proof-of-possession (PoP) of a hardware-secured key. See
Appendix C of [RFC4211] for a discussion on PoP.
swk
Proof-of-possessio
Yes one of the reasons for not pushing ahead with AC/DC despite the cool name
was that Token Exchange will provide a more general approach to solve some of
the same uses cases.
If we did AC/DC for the specific Connect use case then we would still have
other gaps that would need another spec an
