Dirk Balfanz
2016-07-19 22:22:06 UTC
Hi there,
I recently wrote down some thoughts on how Token Binding and OAuth could be
done. If there is time tomorrow during the session, I'm happy to talk about
some of the ideas; and I realize that I can't talk about anything without
having it shared first with the group. So here it is (attached).
My apologies for
- not writing this down in an I-D friendly way - this is mostly
stream-of-consciousness listing of the issues/proposals that occurred to me
(view this more as a contribution to the discussion than a proposed I-D);
- attaching it as a PDF, which is terrible for inline commenting :-(
- framing my thoughts in a very Google-centric way (the AS in the examples
is always Google, but I believe the conclusions are general).
Dirk.
I recently wrote down some thoughts on how Token Binding and OAuth could be
done. If there is time tomorrow during the session, I'm happy to talk about
some of the ideas; and I realize that I can't talk about anything without
having it shared first with the group. So here it is (attached).
My apologies for
- not writing this down in an I-D friendly way - this is mostly
stream-of-consciousness listing of the issues/proposals that occurred to me
(view this more as a contribution to the discussion than a proposed I-D);
- attaching it as a PDF, which is terrible for inline commenting :-(
- framing my thoughts in a very Google-centric way (the AS in the examples
is always Google, but I believe the conclusions are general).
Dirk.