Hi,
I think it is a reasonable simplification to mandate that PoP key and
(D)TLS Mode match, i.e. if the PoP key is symmetric the (D)TLS mode would
be PSK, if the PoP key is asymmetric (D)TLS mode would be Raw Public Key.
But I think there are some compelling properties of having a symmetric PoP
Ludwig Seitz wrote:
> On 02/04/2016 03:31 PM, Michael Richardson wrote:
>>
>> Ludwig Seitz wrote:
>> > Assuming we are using (D)TLS to secure the connection between C and RS,
>> > assuming further that we are using proof-of-possession tokens [2],
>> > i.e. tokens linked to a key
There is a more general problem in PaaS deployment about how RA and AS
infrastructure discover and coordinate with each other. For the most part this
hasn't been necessary since usually the AS and RS are controlled by the same
admins. But in PaaS/IaaS the requirements vary widely.
How does an
The RS is going to have to advertise what presentment mechanisms it supports.
We don’t have that yet. I suspect that it might be part of OAuth Discovery.
Currently that mostly covers AS discovery, but for the RS I could see doing a
head on the resource and getting back a link to a JSON documen
Michael,
thank you for answering, this is getting very interesting.
Comments inline.
/Ludwig
On 02/05/2016 04:26 PM, Michael Richardson wrote:
First, let me say that I confused RS and RO/AS in my mind when reading before.
Starting again, I think that any PSK for authentication between C<->R
On 02/07/2016 06:24 PM, Samuel Erdtman wrote:
Hi,
~snip~
But I think there are some compelling properties of having a symmetric
PoP key and a Raw Public Key (D)TLS. In this case the Public key of the
RS can be distributed to the client in the client information (the
attributes accompanying the
On 02/04/2016 05:14 PM, John Bradley wrote:
In https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution
The proof key is included in the access token or provided out of band.
The proof mechanism to the RS is what would determine if the key type needs to
match DTLS.
If the proof is DT
In https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution
The proof key is included in the access token or provided out of band.
The proof mechanism to the RS is what would determine if the key type needs to
match DTLS.
If the proof is DTLS then they would need to match.
POP wi
Thank you Michael! Comments inline.
/Ludwig
On 02/04/2016 03:31 PM, Michael Richardson wrote:
Ludwig Seitz wrote:
> Assuming we are using (D)TLS to secure the connection between C and RS,
> assuming further that we are using proof-of-possession tokens [2],
> i.e. tokens linked
Ludwig Seitz wrote:
> Assuming we are using (D)TLS to secure the connection between C and RS,
> assuming further that we are using proof-of-possession tokens [2],
> i.e. tokens linked to a key, of which the client needs to prove possession in
> order for the RS to accept the toke