Re: [OAUTH-WG] Call for adoption: Token Binding for OAuth 2.0

2016-08-17 Thread Torsten Lodderstedt
+1 On 17.08.2016 09:39, Dirk Balfanz wrote: On Wed, Aug 3, 2016 at 1:48 PM John Bradley wrote: I accept these documents as a starting point of the Token binding work in OAuth. Same here. I accept adoption as a starting point. Dirk. John B. >

Re: [OAUTH-WG] OAuth Metadata Specifications Enhanced

2016-08-17 Thread Torsten Lodderstedt
It does not address the relationship between resource and scope. On 04.08.2016 22:12, John Bradley wrote: This was proposed https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-01 It seemed to be a bit too controversial for the WG to accept at the time it was discussed. Joh

Re: [OAUTH-WG] OAuth Metadata Specifications Enhanced

2016-08-17 Thread Nat Sakimura
From a security protocols design point of view, it is a good practice to indicate what entity in what role are going to be involved in what sequence. So, including a resource indicator in the authorization request is good - if it does not stop there and it is possible at all. Resource indicator ne

Re: [OAUTH-WG] OAuth Metadata Specifications Enhanced

2016-08-17 Thread Phil Hunt
+1. This is more in line with the alternate proposal submitted previously - and probably expressed better. :) https://tools.ietf.org/html/draft-hunt-oauth-bound-config-00 Phil @independentid www.independentid.com phil.h...@oracle.com

[OAUTH-WG] Request for error code: all those from OAuth 2.0 core [RFC6749]

2016-08-17 Thread Manger, James
The IANA "OAuth Extensions Error Registry" doesn't list most of the errors defined in the core OAuth 2.0 spec [RFC6749], only those added by other specs. This is just annoying. It would be far more useful