The DPoP spec registers the “htm”, “htu”, and “ath” claims [1]. But do these
claims actually make sense outside of a DPoP proof? Presumably the risk of
naming collision within a DPoP proof is pretty small, so is there any benefit
to registering them rather than just using them as private claims?
(I guess I could ask the same question about lots of other entries in the
current registry at IANA, many of which look completely app-specific to me).
[1]: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop#section-12.7
<https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop#section-12.7>
— Neil
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth