Hi Daniel,
from the history of the group I think it is fair to say that we can
guarantee that there will be further work on this topic.
The reason why I agree with Nat is that neither DPoP nor MTLS paint the
bigger picture.
Ciao
Hannes
On 03.04.2023 at 09:20, Daniel Fett wrote:
Hi Nat,
after reading through the PoP architecture document again, my impression
is that this document had a lot of value before MTLS and DPoP came
along. But when thinking about what an updated version could look like,
and considering that it is unlikely for the moment that many other PoP
me
Sorry, "oauth" apparently expanded to oauth list. My sincere apologies.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Hi Torsten,
From what I can see, there are substantial differences in the approaches.
The Security BCP is collecting what should be done with the current toolset
and currently known threats in detail.
The PoP Architecture, on the other hand, categorizes what kind of proof of
possession is conce
Hi Nat,
the Secure BCP defines sender-constrained access tokens and (I think) gives a
comprehensive description of the attacks prevented by sender-constrained access
tokens.
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-22#name-misuse-of-stolen-access-tok
Do you think
Hi
OAuth 2.0 Proof-of-Possession (PoP) Security Architecture[1] has not
progressed and expired since 2017.
[1]
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-pop-architecture-08
I just noticed it because I wanted to refer to it in one of the papers I am
involved with. IMHO, it has got go