We have quite a lot on our plate already so we probably won't be looking at
that anytime soon. There's a crazy amount of these specs around. Can you
write a quick summary on what it's about? Also, do you know what the status
on it is? If it's an expired draft has it been abandoned?
On 24 January 2018 at 14:38, Frederik Libert <frelibert(a)yahoo.com> wrote:
Hi,
Are there any plans to support pop accesTokens where some kind of
proof-of-possession is introduced to have a higher degree of security?As
far as I know, there isn't yet a final standard (RFC) for this, only
expired drafts, such as:-
https://tools.ietf.org/
html/draft-ietf-oauth-pop-architecture-08- https://
tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-03
-
https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03
Would you consider implementing any of this or would you wait until a RFC
is finally accepted as standard?
Kind regards,
Frederik
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev