Re: [OAUTH-WG] [External Sender] Comments on draft-ietf-oauth-transaction-tokens-01

Hi Joe, Thanks so much for the review. Comments inline (I'm only addressing some in this email:) On Wed, Apr 10, 2024 at 11:44 PM Joseph Salowey wrote: > I have reviewed the Transaction Token document. In general I think it is > a needed document and I am glad there is work in this area. I ha

Re: [OAUTH-WG] [External Sender] Re: Transaction Tokens issuance in the absence of incoming token

Atul has submitted this PR to address this issue. https://github.com/oauth-wg/oauth-transaction-tokens/pull/90 On Fri, Apr 12, 2024 at 12:10 PM Atul Tulshibagwale wrote: > Thanks all, for your input. We discussed alternatives on a call last week >

Re: [OAUTH-WG] Transaction Tokens issuance in the absence of incoming token

Thanks all, for your input. We discussed alternatives on a call last week , and arrived at using self-signed tokens with token exchange as a way forward. On Fri, Apr 5, 2024 at 10:58 AM Brian Campbell wrote: > One potential benefit of keeping the use of T

Re: [OAUTH-WG] Signed JWK Sets

I’m not sure this is an official call for adoption, but I support this draft. Regardless of the discussion in the other thread, I think this draft has clear value and is well designed. A couple of thoughts:Presumably it is infeasible for a client to construct a TLS transcript that looks like a vali