Re: https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3
I understand the use of sub in this section comes down from SAML but I feel that some separation between sub and presenter would be nice.

For example, when I am presenting the token using an app that I installed on my iPhone, the presenter is that app and not me, while the sub still may be me. The app is the authorized presenter/party (azp) of the token.

So my proposal is to use a claim like "azp" instead of "sub" to identify the presenter. Less overload would cause less confusion later, IMHO.

--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth