Derek,
Just looking at the issue you mentioned earlier. I think you also wanted to add
in that a resource server A might be legitimately trying to re-use the token
with an unintended “audience”, resource server B. Correct?
If so, here is a possible amendment to the case in 3.1:
Original Text:

Thanks Derek,
I will take a look at this.
Phil
@independentid
www.independentid.com
phil.h...@oracle.com
> On Jul 10, 2015, at 1:48 PM, Derek Atkins wrote:
>
> Hi,
>
> In performing my shepherd review of draft-ietf-oauth-pop-architecture I
> found one issue that was bugging me: you talk abou

Hi Reddy,
thanks a lot for your review comments and for failing to notice them.
On 08/28/2014 09:05 AM, Tirumaleswar Reddy (tireddy) wrote:
> My comments:
>
> 1) Figure 3: Resource server in the response could also generate
> Signature/MAC to prove to the client that it is in possession of
>