+1 I support adoption of DPoP. I have written an implementation of its current state for a client and implemented its signature mechanism in another project (without the rest of the protocol, fwiw).
Now, speaking as the editor of the group’s previous general-purpose http signature draft (for use with the general purpose PoP architecture) and co-editor of the new HTTP working group http signature draft, I still think that there’s room for both of these implementations out there. DPoP is simple and focused, it should do one thing and do it well. And the energies that are looking for a more general solution should help us make the wider HTTP Signature spec work across all those use cases. — Justin > On Mar 17, 2020, at 8:20 AM, Rifaat Shekh-Yusef <rifaat.i...@gmail.com> wrote: > > All, > > As per the conclusion of the PoP interim meeting, this is a call for adoption > for the OAuth 2.0 Demonstration of Proof-of-Possession at the Application > Layer (DPoP) document: > https://datatracker.ietf.org/doc/draft-fett-oauth-dpop/ > <https://datatracker.ietf.org/doc/draft-fett-oauth-dpop/> > > Please, let us know if you support or object to the adoption of this document > as a working group document by March 31st. > > Regards, > Rifaat & Hannes > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
