As promised at the last interim meeting, I’ve sat down and put together a first strawman for PoP tokens using HTTP Message Signatures. As you can see, it’s pretty short. I’ve intentionally scoped it down to only pre-registered keys (unlike DPoP’s dynamically presented keys), but this could change. I haven’t put in the pieces for token key confirmation that would be required for this work, which both the MTLS and DPoP drafts have.
— Justin

> Begin forwarded message:
>
> From: internet-dra...@ietf.org
> Subject: New Version Notification for draft-richer-oauth-httpsig-00.txt
> Date: June 21, 2021 at 11:52:14 AM EDT
> To: "Justin Richer" <i...@justin.richer.org>
>
> A new version of I-D, draft-richer-oauth-httpsig-00.txt
> has been successfully submitted by Justin Richer and posted to the
> IETF repository.
>
> Name: draft-richer-oauth-httpsig
> Revision: 00
> Title: OAuth Proof of Possession Tokens with HTTP Message Signatures
> Document date: 2021-06-21
> Group: Individual Submission
> Pages: 8
> URL: https://www.ietf.org/archive/id/draft-richer-oauth-httpsig-00.txt
> Status: https://datatracker.ietf.org/doc/draft-richer-oauth-httpsig/
> Html: https://www.ietf.org/archive/id/draft-richer-oauth-httpsig-00.html
> Htmlized: https://datatracker.ietf.org/doc/html/draft-richer-oauth-httpsig
>
> Abstract:
> This extension to the OAuth 2.0 authorization framework defines a
> method for using HTTP Message Signatures to bind access tokens to
> keys held by OAuth 2.0 clients.
>
> The IETF Secretariat