Hi, The draft Signing HTTP Messages (https://tools.ietf.org/html/draft-cavage-http-signatures-09) could not meet this requirement in a more generic way ?
Regards, Louis De : OAuth <oauth-boun...@ietf.org> De la part de Brock Allen Envoyé : dimanche 18 mars 2018 20:40 À : Torsten Lodderstedt <tors...@lodderstedt.net>; oauth@ietf.org Objet : Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-jwt-introspection-response-00.txt Why is TLS to the intospection endpoint not sufficient? Are you thinking there needs to be some multi-tenancy support of some kind? -Brock On 3/18/2018 3:33:16 PM, Torsten Lodderstedt <tors...@lodderstedt.net<mailto:tors...@lodderstedt.net>> wrote: Hi all, I just submitted a new draft that Vladimir Dzhuvinov and I have written. It proposes a JWT-based response type for Token Introspection. The objective is to provide resource servers with signed tokens in case they need cryptographic evidence that the AS created the token (e.g. for liability). I will present the new draft in the session on Wednesday. kind regards, Torsten. Anfang der weitergeleiteten Nachricht: Von: internet-dra...@ietf.org<mailto:internet-dra...@ietf.org> Betreff: New Version Notification for draft-lodderstedt-oauth-jwt-introspection-response-00.txt Datum: 18. März 2018 um 20:19:37 MEZ An: "Vladimir Dzhuvinov" <vladi...@connect2id.com<mailto:vladi...@connect2id.com>>, "Torsten Lodderstedt" <tors...@lodderstedt.net<mailto:tors...@lodderstedt.net>> A new version of I-D, draft-lodderstedt-oauth-jwt-introspection-response-00.txt has been successfully submitted by Torsten Lodderstedt and posted to the IETF repository. Name: draft-lodderstedt-oauth-jwt-introspection-response Revision: 00 Title: JWT Response for OAuth Token Introspection Document date: 2018-03-15 Group: Individual Submission Pages: 5 URL: https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-jwt-introspection-response-00.txt Status: https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-jwt-introspection-response/ Htmlized: https://tools.ietf.org/html/draft-lodderstedt-oauth-jwt-introspection-response-00 Htmlized: https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-jwt-introspection-response<https://datatracker..ietf.org/doc/html/draft-lodderstedt-oauth-jwt-introspection-response> Abstract: This draft proposes an additional JSON Web Token (JWT) based response for OAuth 2.0 Token Introspection. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org>. The IETF Secretariat The information transmitted in the present email including the attachment is intended only for the person to whom or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete all copies of the material. Ce message et toutes les pièces qui y sont éventuellement jointes sont confidentiels et transmis à l'intention exclusive de son destinataire. Toute modification, édition, utilisation ou diffusion par toute personne ou entité autre que le destinataire est interdite. Si vous avez reçu ce message par erreur, nous vous remercions de nous en informer immédiatement et de le supprimer ainsi que les pièces qui y sont éventuellement jointes.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth