Hi Samuel,
as far as I understand your draft, it utilizes results of the (D)TLS client
authentication for authentication towards the tokens endpoint - similar to
https://tools.ietf.org/html/draft-ietf-oauth-mtls-00.html. Do you intend to
also utilize the binding of the access token to a certain
two days can last for a very long time ;-) I will add this threat to the list
to be covered by our new security draft.
> On 10.05.2017 at 23:15, André DeMarre wrote:
>
> I see there is a new security considerations document being drafted. There is
> an old issue that I've recently been remind