period (see Section 11.1), *unless the clock synchronization can be
made to depend on the issuance of the nonce values.*
Regards
Jacob
--
Jacob Ideskog
CTO
Curity AB
---
Sankt Göransgatan 66, Stockholm, Sweden
M: +46 70-2233664
iew.
>
> Thanks for the proposed text. I modified it a bit because I think the AS
> should only omit data (not mask) and data can be provided even if
> considered sensitive as long as there is a reasonable purpose and a legal
> basis.
>
> best regards,
> Torsten.
>
> A
t need that detail to
> function. Scopes have similar issues, but this structure adds more
> opportunities for mistakes just due to the possible increased complexity.
> >
> > -Justin
> >
> > From: OAuth [oauth-boun...@ietf.org] o
f the authorization_details claim in the
corresponding access token, or can it be a masked version?
Perhaps the security considerations section should be updated with a
statement with regards to the fact that the client may see claim data only
intended for the RS?
Regards
Jacob Ideskog
--
Jacob Ideskog
CTO
Curi
more flexible
approach, but OpenID isn't always in play.
Just my 5-cents
/Jacob Ideskog
Curity
Mon 18 June 2018 at 21:00, David Waite wrote:
> One of the reasons I hear for people wanting parameterized scopes is to
> deal with transactions. I’d love to hear thoughts from the group o