The RS is going to have to advertise what presentment mechanisms it supports.
We don’t have that yet. I suspect that it might be part of OAuth Discovery. Currently that mostly covers AS discovery, but for the RS I could see doing a HEAD on the resource and getting back a link to a JSON document that would contain meta-data about the RS.

The standard OAuth answer to this question is the client would get it from the service documentation, but that is not really scalable.

> On Feb 5, 2016, at 5:30 AM, Ludwig Seitz <lud...@sics.se> wrote:
>
> On 02/04/2016 05:14 PM, John Bradley wrote:
>> In https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution
>>
>> The proof key is included in the access token or provided out of band.
>>
>> The proof mechanism to the RS is what would determine if the key type needs
>> to match DTLS.
>> If the proof is DTLS then they would need to match.
>>
>
> Thank you John, this leads me to another question (maybe I just missed it in
> the PoP drafts): Who decides what the proof mechanism should be? How is the
> proof mechanism signaled to the client (the client may support several proof
> mechanisms)?
>
> /Ludwig
>
>
> --
> Ludwig Seitz, PhD
> SICS Swedish ICT AB
> Ideon Science Park
> Building Beta 2
> Scheelevägen 17
> SE-223 70 Lund
>
> Phone +46(0)70 349 9251
> http://www.sics.se
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth