I promised to send a UC to the list as input to the discussion around new
token formats.
---
Several large-scale deployments of public-key use a bag-of-keys model
for key management: you stick endpoint information together with public
keys for those endpoints in a signable container which is
Also in openID 2 there was an association endpoint that is similar where the
client got its secret. Mostly the term is a carryover from that.
I don't have any real objection to changing it to registration to align better
with OAuth terminology in the IETF version.
John B.
On 2012-11-05, at