Samuel, Jim,
We have two cases in ACE-OAuth:
1) Client provides a key (or a reference to a key) to the AS. It wants the
AS to include that key into the PoP token. The key is the long version of the
key id*.
2) Client asks the AS to get a token. In this case the AS creates a key
Hi Jim,
It sounds like we need some high bandwidth face-to-face time on this issue in
Montreal.
This is an interesting issue and IMHO reaches outside the CWT PoP document.
Ciao
Hannes
-Original Message-
From: Jim Schaad [mailto:i...@augustcellars.com]
Sent: 26 June 2018 18:57
To:
From: Samuel Erdtman
Sent: Wednesday, June 27, 2018 8:18 AM
To: Jim Schaad
Cc: Hannes Tschofenig; Benjamin Kaduk; Mike Jones;
draft-ietf-ace-cwt-proof-of-possess...@ietf.org; ace@ietf.org
Subject: Re: [Ace] Key IDs ... RE: WGLC on
draft-ietf-ace-cwt-proof-of-possession-02
Jim,
Jim, are you saying that if the client can pick the key identifier and if
it has seen a key identifier of another client it could request a PoP token
with the observed key-id and the observed subject but with a new key?
I guess this is a potential scenario that could be worth mentioning in