[Openid-specs-ab] AB/Connect WG Note (2015-10-19)

Nat Sakimura sakimura at gmail.com
Wed Oct 21 15:28:53 UTC 2015


One of the question I would have is whether we need the integrity
protection in this layer or just do the client authentication. As it is
happening over TLS, just the client auth may be sufficient for many
purposes.

2015-10-21 3:29 GMT+09:00 Brian Campbell <bcampbell at pingidentity.com>:

>
> Yeah, that would be the one that maps to it but there are issues with it
> that need to be sorted out:
> http://www.ietf.org/mail-archive/web/oauth/current/msg14801.html
>
>
> On Mon, Oct 19, 2015 at 6:17 PM, Nat Sakimura <sakimura at gmail.com> wrote:
>
>>
>>
>> - Nat asked which draft was the HoK version of RFC6750.
>>   https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request
>>   seems to be the one that maps to it.
>>
>>
>>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20151022/7a6411d9/attachment.html>


More information about the Openid-specs-ab mailing list