Hi all,
One of the things that's been a primary focus of both today's WG call
and last week's call is what are the specific use cases for
signatures?
- Why are signatures needed?
- end2end message-level security (w/ or w/o HTTPS) in order to prevent
intermediaries from tampering messages - in such a scenario encryption
should also be considered
- sender authentication - a signature based on the token secret might be
used to prove legitimate ownership of the token
- What do signatures need to protect?
Let's try to outline the use cases! Please reply here, so that we have
a good idea of what they are as we move towards the Anaheim WG.
regards,
Torsten.
b.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
