Re: [OAUTH-WG] MTLS and SAN

I may not be completely up to date in this discussion, However, RFC 6125 "In general, *this specification recommends and prefers* use of subjectAltName entries (DNS-ID, SRV-ID, URI-ID, etc.) over use of the subject field (CN-ID) where possible,

[OAUTH-WG] CORS and the Device Authorization Grant (device flow)

Hello *, I recall implementing an early draft of this flow few years ago for a client landscape composed primarily of older set-top boxes, old and new TV models of various brands (LG, Samsung, Sony) and also HbbTV standards 1.5 and 2.0. I remember having to set up CORS on both the device authoriz

Re: [OAUTH-WG] draft-bertocci-oauth-access-token-jwt-00

Hi, We have a machine-to-machine scenario where clients, RSes and our AS all belong to different legal entities. Some RSes require their clients to limit the access token to a specific Resource Owner, while other RSes don't. In the former case, we use 'sub' to identify that Resource Owner.

[OAUTH-WG] Possible help with product design

Dear Team, We are in a process of architecting the web project with the technology stack as Angular 7 & .NET Core 2.2. We wanted to implement token, So we did some research and finalized OAuth 2.0 & JWT would be the platform. However, I am new to OAuth 2.0. and even also JWT. So I need possibl

[OAUTH-WG] Possible help with product design

Dear Team, We are in a process of architecting the web project with the technology stack as Angular 7 & .NET Core 2.2. We wanted to implement token, So we did some research and finalized OAuth 2.0 & JWT would be the platform. However, I am new to OAuth 2.0. and even also JWT. So I need possible he

[OAUTH-WG] Question regarding RFC 7800

Hello folks, What is the status of RFC 7800? We’re finding the need for this, and wonder what we might be able to do to help move this along? Regards, rob -- Robert Lembrée Lead Cybersecurity Architect Innovation & Technology Industrial Automation Business Schneider Ele