Hi George,
It is unclear whether you are considering the OAuth 2.X Framework
or the three roles model (i.e., with the Holder, the Issuer and the
Verifier).
Denis
Hi,
Are there any best practices for clients that want to use Dynamic
Client Registration and plan to register a public key
(rather than receiving back a shared client_secret), to use DPoP to
prove possession of the matching private key and
also integrity protect the JSON object passed to the registration
endpoint?
I'm aware of the client attestation work but that isn't quite the same
thing.
Thoughts?
Thanks,
George
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth