+1
sounds reasonable to distinguish the software and the user.
Am 23. März 2015 08:25:13 MEZ, schrieb Nat Sakimura <sakim...@gmail.com>:
>Re:
>https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3
>
>I understand the use of sub in this section comes down from SAML but I
>feel
>that some separation between sub and presenter would be nice.
>
>For example, when I am presenting the token using an app that I
>installed
>on my iPhone, the presenter is that app and not me, while the sub still
>may
>be me. The app is the authorized presenter/party (azp) of the token.
>
>So my proposal is to use a claim like "azp" instead of "sub" to
>identify
>the presenter. Less overload would cause less confusion later, IMHO.
>
>--
>Nat Sakimura (=nat)
>Chairman, OpenID Foundation
>http://nat.sakimura.org/
>@_nat_en
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://www.ietf.org/mailman/listinfo/oauth
--
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
