[Openid-specs-fapi] Issue #60: Only one method to Token Bind AT rather than two? (openid/fapi)
Nat Sakimura
issues-reply at bitbucket.org
Mon Jan 16 06:58:49 UTC 2017
New issue 60: Only one method to Token Bind AT rather than two?
https://bitbucket.org/openid/fapi/issues/60/only-one-method-to-token-bind-at-rather
Nat Sakimura:
https://tools.ietf.org/html/draft-ietf-oauth-token-binding-01 supports two ways to token bind the access token. The standard way, and the alternative way:
the client to generate a Token Binding key to use for the protected
resource, use the Token Binding ID for that key, and then later use
that key when the TLS connection to the protected resource is
established.
(Source) Last Para of Section 3 of draft-ietf-oauth-token-binding-01
The question here is: should we support this alternative way, or do we just require the standard way?