Re: [OAUTH-WG] Regarding iat and nonce in DPoP Proofs

2022-03-30 Thread Filip Skokan
Hello Jacob, dear Authors, If the server (AS or RS) utilizes the `nonce` mechanism to limit the acceptance timeframe of DPoP Proof JWTs it would appear the need to check the `iat` claim for "freshness" is redundant. If we're making the client jump through hoops to enforce fresh proofs via `nonce`

Re: [OAUTH-WG] WGLC for DPoP Document

2022-03-30 Thread Pieter Kasselman
I support publication From: OAuth On Behalf Of Warren Parad Sent: Wednesday 30 March 2022 13:12 To: Torsten Lodderstedt Cc: oauth Subject: Re: [OAUTH-WG] WGLC for DPoP Document I support publication.

[OAUTH-WG] OAuth2.1: auth-param in WWW-Authenticate optional?

2022-03-30 Thread Johannes Koch
Hi, in https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-05 section 5.2.2: All challenges for this token type MUST use the auth-scheme value Bearer. This scheme MUST be followed by one or more auth-param values. Why is at least one auth-param required? It makes

Re: [OAUTH-WG] WGLC for DPoP Document

2022-03-30 Thread Warren Parad
I support publication. Warren Parad Founder, CTO Secure your user data with IAM authorization as a service. Implement Authress . On Wed, Mar 30, 2022 at 2:08 PM Torsten Lodderstedt wrote: > I support publication of this specification. > > Am 30.03.2022 um 09:18 schrieb

Re: [OAUTH-WG] WGLC for DPoP Document

2022-03-30 Thread Torsten Lodderstedt
I support publication of this specification. > Am 30.03.2022 um 09:18 schrieb Steinar Noem : > > I support publication of the specification > > ons. 30. mar. 2022 kl. 08:56 skrev Dave Tonge >: > I support publication of the specification > > On Wed, 30 Mar

Re: [OAUTH-WG] WGLC for DPoP Document

2022-03-30 Thread Steinar Noem
I support publication of the specification ons. 30. mar. 2022 kl. 08:56 skrev Dave Tonge : > I support publication of the specification > > On Wed, 30 Mar 2022 at 08:55, Daniel Fett wrote: > >> I also support publication. >> >> -Daniel >> Am 29.03.22 um 23:20 schrieb David Waite: >> >> I also

Re: [OAUTH-WG] WGLC for DPoP Document

2022-03-30 Thread Dave Tonge
I support publication of the specification On Wed, 30 Mar 2022 at 08:55, Daniel Fett wrote: > I also support publication. > > -Daniel > Am 29.03.22 um 23:20 schrieb David Waite: > > I also support publication of this specification > > -DW > > On Mar 29, 2022, at 3:12 PM, Mike Jones < >

Re: [OAUTH-WG] WGLC for DPoP Document

2022-03-30 Thread Daniel Fett
I also support publication. -Daniel Am 29.03.22 um 23:20 schrieb David Waite: I also support publication of this specification -DW On Mar 29, 2022, at 3:12 PM, Mike Jones wrote: I support publication of the specification. -- Mike *From:*OAuth *On Behalf Of*Rifaat Shekh-Yusef