I'm not sure how to interpret "content". Where the algorithms, if advertised, get to apply. Is this something that resources / applications will define, depending on the resource characteristics? If we take JWE for instance, it could be used for 3 things at least. To encrypt bearer JWTs to access the resource, in addition to encrypting request and response payloads.
Vladimir On 27/03/2024 14:53, Rifaat Shekh-Yusef wrote:
All,This is a *WG Last Call* for the *OAuth 2.0 Protected Resource Metadata* document.https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-03.htmlPlease, review this document and reply on the mailing list if you have any comments or concerns, by *April 12*.Regards, Rifaat & Hannes _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth