Hi David, > On 12. Jun 2019, at 04:01, David Waite <da...@alkaline-solutions.com> wrote: > > To prevent exfiltration, the options are limited. > - Token Binding will work, but only currently has support in Edge. > - Mutual TLS will work, but has a poor experience unless you are deploying > alongside group policy. > - DPoP was written specifically for the browser use case (such as letting you > use WebCrypto for non-exportable tokens). It is an early draft but has some > initial implementations already.
If you use a backend to relay or orchestrate your micro service interactions, mTLS (with self-signed certs) is the easiest choice from my perspective. kind regards, Torsten.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
