Hi John,
On 07/11/14 20:42, John Bradley wrote:
Inline
On Nov 7, 2014, at 1:02 PM, Sergey Beryozkin wrote:
Hi John
Many thanks for the clarifications. FYI, I posted some comments re the
http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution to a
dedicated thread.
I just wonder
Inline
On Nov 7, 2014, at 1:02 PM, Sergey Beryozkin wrote:
> Hi John
>
> Many thanks for the clarifications. FYI, I posted some comments re the
> http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution to a
> dedicated thread.
>
> I just wonder is it OK to distinguish between bear
Hi John
Many thanks for the clarifications. FYI, I posted some comments re the
http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution to a
dedicated thread.
I just wonder is it OK to distinguish between bearer and JWT tokens in
the spec texts referring to the client processing t
You don't need to use JWT access tokens, you could use an opaque token and
introspect it. However JWT access tokens are likely the simplest answer for
getting the client's proof key to the RS.
In http://tools.ietf.org/html/draft-bradley-oauth-pop-key-distribution you can
register a secret for th
Or if the confidential client does
HTTP Accept: application/jose, why don't
reply with the whole OAuth2 token response JWE or JWS encoded as opposed
to tweaking individual token response parameters...
Maybe I'm getting carried away here but I'm getting quite positive and
even excited about t
Sorry all for a certain typo in the text below
Sergey
On 07/11/14 11:12, Sergey Beryozkin wrote:
Hi
On 06/11/14 18:51, Bill Mills wrote:
So you're wanting end to end security not relying on TLS?
I was not really thinking about HTTPS vs HTTP in this case. I'm kind of
in the process of apprecia
Hi
On 06/11/14 18:51, Bill Mills wrote:
So you're wanting end to end security not relying on TLS?
I was not really thinking about HTTPS vs HTTP in this case. I'm kind of
in the process of appreciating what JWE/JWS can do and I can't help
trying to consider it applying at every possible opp
So you're wanting end to end security not relying on TLS?
Have you seen the new draft on protecting codes from interception? Currently
called SPOP but needs a different name.
On Thursday, November 6, 2014 4:12 AM, Sergey Beryozkin
wrote:
Hi
Does it make sense to consider suppo