All,
You can find the minutes of the Dec 7th meeting here:
https://datatracker.ietf.org/meeting/interim-2020-oauth-17/materials/minutes-interim-2020-oauth-17-202012071200-00
and here:
https://codimd.ietf.org/s/notes-ietf-interim-2020-oauth-17-oauth
Thanks to *Justin Richer* for taking these notes.
While there are certainly more than a few different ways of approaching it,
I am still not convinced of any significant advantage to tracking iat + a
slightly smaller jti value vs. what is currently in the draft. And as we
are trying to reflect WG consensus here rather than one person's opinion, I
Hi Brian,
The client is not necessarily identified in requests to the RS (it
could be via the access token but that's an implementation detail that
can't be counted on in spec) so maintaining a per client list isn't
viable.
That as well as some other considerations/approaches were talked abo