I might be suffering from a touch of confirmation bias but I think
this underscores what I was trying to say near the end of the JOSE
session in Vancouver during the "key finding algorithm" discussion.
Namely that finding a key is not the same as trusting a key and that
I'm concerned that explainin
To this, I'll add that the OpenID Connect ID Token specification at
http://openid.net/specs/openid-connect-core-1_0.html#IDToken adds this,
prohibiting the use of header parameters to communicate the keys:
ID Tokens SHOULD NOT use the JWS or JWE x5u, x5c, jku, or jwk header parameter
fields.
Section 3.2.1 talks about the need for and benefits of confidential
clients. For Auth Code Grants, can't public clients be as safe as
confidential clients if:
* HTTPS is being used for all communication
* Valid redirect_uri patterns are registered at the Auth Server for the
public clients
* A
Keeping the conversation from this morning going…
This morning I raised the issue that it is not clear to my as to why a client
would need to "manage" its registration (note: I think this analysis applies
equally to both the the management draft and the earlier SCIM profile I
published). What w
Hi all,
at today's OAuth meeting I suggested to get together during the week to
continue our conversation about draft-ietf-oauth-dyn-reg-management-00,
which dominated our conversation at the meeting today.
I would suggest to get together on **Thursday, at 11:30** (for lunch) at
the IETF registra
FYI: Here is the summary I sent to the SAAG list.
Original Message
Subject: IETF#89 OAuth Meeting Summary
Date: Tue, 04 Mar 2014 17:59:00 +0100
From: Hannes Tschofenig
To: s...@ietf.org
This morning we had our OAuth working group meeting and here is a short
summary of the disc
WFM
Phil
> On Mar 4, 2014, at 18:04, Hannes Tschofenig wrote:
>
> Hi all,
>
> at today's OAuth meeting I suggested to get together during the week to
> continue our conversation about draft-ietf-oauth-dyn-reg-management-00,
> which dominated our conversation at the meeting today.
>
> I would
WFM too
On Tue, Mar 4, 2014 at 6:13 PM, Phil Hunt wrote:
> WFM
>
> Phil
>
>> On Mar 4, 2014, at 18:04, Hannes Tschofenig
>> wrote:
>>
>> Hi all,
>>
>> at today's OAuth meeting I suggested to get together during the week to
>> continue our conversation about draft-ietf-oauth-dyn-reg-management-0
WFM too.
On 3/4/14 6:04 PM, "Hannes Tschofenig" wrote:
>Hi all,
>
>at today's OAuth meeting I suggested to get together during the week to
>continue our conversation about draft-ietf-oauth-dyn-reg-management-00,
>which dominated our conversation at the meeting today.
>
>I would suggest to get to
MFW
-Original Message-
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Morteza Ansari
(moransar)
Sent: Tuesday, March 4, 2014 10:34 AM
To: Hannes Tschofenig; oauth@ietf.org
Subject: Re: [OAUTH-WG] Discussion about Dynamic Client Registration Management
Work
WFM too.
On 3/4/14
10 matches
Mail list logo
