[keycloak-dev] proof-of-possession

Stian Thorgersen sthorger at redhat.com
Wed Jan 24 13:44:11 EST 2018


We have quite a lot on our plate already so we probably won't be looking at
that anytime soon. There's a crazy amount of these specs around. Can you
write a quick summary on what it's about? Also, do you know what the status
on it is? If it's an expired draft has it been abandoned?

On 24 January 2018 at 14:38, Frederik Libert <frelibert at yahoo.com> wrote:

> Hi,
> Are there any plans to support pop accesTokens where some kind of
> proof-of-possession is introduced to have a higher degree of security?As
> far as I know, there isn't yet a final standard (RFC) for this, only
> expired drafts, such as:- https://tools.ietf.org/
> html/draft-ietf-oauth-pop-architecture-08- https://
> tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-03
> - https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03
> Would you consider implementing any of this or would you wait until a RFC
> is finally accepted as standard?
> Kind regards,
> Frederik
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev


More information about the keycloak-dev mailing list