[OAUTH-WG] oauth - Requested sessions have been scheduled for IETF 98

2017-03-03 Thread "IETF Secretariat"
Dear Stephanie McCammon, The session(s) that you have requested have been scheduled. Below is the scheduled session information followed by the original request. oauth Session 1 (2:30:00) Friday, Morning Session I 0900-1130 Room Name: Zurich C size: 100 --

Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-pop-key-distribution-03.txt

2017-03-03 Thread John Bradley
We rethought aud in https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators We wanted it to work with bearer tokens so that the AS could put an audience in the token that could not be faked by a malicious RS. For the bearer token use case it needs to be a URI to avoid the client bei

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-03.txt

2017-03-03 Thread Anthony Nadalin
I also think that this can be useful outside of Token Binding as this we have been looking at use cases for offline access tokens (or ID Tokens), and this sort of forms the basis for this approach From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Nat Sakimura Sent: Thursday, March 2, 2017

Re: [OAUTH-WG] Fwd: I-D Action: draft-ietf-oauth-pop-key-distribution-03.txt

2017-03-03 Thread Ludwig Seitz
On 2017-02-24 22:58, John Bradley wrote: I updated the references but haven't made any other changes. I had some questions about it so thought it was worth keeping alive at least for discussion. There have been some other questions and proposed changes. I will take a look through them and see i

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-03.txt

2017-03-03 Thread Nat Sakimura
Thanks John. Perhaps you can add the discussion to the security consideration. I understand the issue with mobile clients' inability to get a good random but the shift of key generation point would have a large impact on the liability shift as well so I would probably profile it down always to req