On 02/04/2016 05:14 PM, John Bradley wrote:
In https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution
The proof key is included in the access token or provided out of band.
The proof mechanism to the RS is what would determine if the key type needs to
match DTLS .
If the proof is DT
+1 that it should be Informational.
Also, I never got to respond to the original request, but I am heavily in
favor of this draft. I talk with a lot of native app developers who are
clueless about how to implement OAuth. The core RFC is very web app
oriented. I look forward to having a more prof
+1
On 2/5/16 10:10 AM, Adam Lewis wrote:
+1 that it should be Informational.
Also, I never got to respond to the original request, but I am heavily
in favor of this draft. I talk with a lot of native app developers who
are clueless about how to implement OAuth. The core RFC is very web
app o
The chairs approved this as a working group document.
The initial version I posted is marked as an intended status as a "Best Current
Practice”
The advantage of a BCP is that it can be updated to include new information as
things change.
The spec has no extensions to OAuth 2 or MUST’s to profi
Thank you everyone for your support, and adoption of this document!
This spec doesn't modify the OAuth 2.0 protocol, rather it provides a set
of technical guidelines for implementing OAuth 2.0 for native apps in a
secure and usable way. The intent is a document that has the technical
approval of t
