Hi Sergey, On 04/25/2014 11:38 AM, Sergey Beryozkin wrote: > Hopefully PoP model will not be made exclusive for JWT only, it won't be > very OAuth2 friendly IMHO...
Note that draft-richer-oauth-signed-http-request-01 doesn't use JWTs. I just uses a JSON-based encoding of the parameters. I put a strawman proposal into the document. For the access token there is also no requirement to use JWTs. The use of a reference only (in combination with the token introspection) is one possible deployment option (which I still need to add to the overview document; I put a editor's note in the version of the document I submitted today). Ciao Hannes
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
