The editors have published draft-ietf-oauth-proof-of-possession-03, which addresses the working group last call comments received. Thanks to all of you who provided feedback. The changes were:
- Separated the
jweconfirmation members; the former represents a public key as a JWK and the latter represents a symmetric key as a JWE encrypted JWK.
- Changed the title to indicate that a proof-of-possession key is being communicated.
- Updated language that formerly assumed that the issuer was an OAuth 2.0 authorization server.
- Described ways that applications can choose to identify the presenter, including use of the
- Harmonized the registry language with that used in JWT [RFC 7519].
- Addressed other issues identified during working group last call.
- Referenced the JWT and JOSE RFCs.
The updated specification is available at:
An HTML formatted version is also available at: