Remove references to OAuth Token Binding

Issue #225 closed
Dave Tonge created an issue

We discussed on the call today removing references to OAuth Token Binding from the specs.

This is because currently there aren’t interoperable implementations of this yet; we are likely to add support in later when the spec starts to be used.

We discussed that it would be good to indicate that in the future we will support other methods for sender-constraining tokens, e.g. DPoP. However, we need to balance this with the aim of achieving interoperability.

I will propose some wording around this.

Comments (7)

  1. Dave Tonge reporter

    We discussed on the call today removing references to OAuth Token Binding from the specs.

    This is because currently there aren’t interoperable implementations of this yet; we are likely to add support in later when the spec starts to be used.

    We discussed that it would be good to indicate that in the future we will support other methods for sender-constraining tokens, e.g. DPoP. However, we need to balance this with the aim of achieving interoperability.

    I will propose some wording around this.

  2. Dave Tonge reporter

    FAPI-RW: Make MTLS the only holder of key mechanism

    At the present time, OAuth Token Binding has not been widely deployed, so in the interests of interoperability it is better to focus implementors' attention on MTLS certificate-bound access tokens at the current time - MTLS has been used in many FAPI deployments.

    This situation is likely to change again in later drafts if other methods of sending constraining tokens are developed.

    closes #225

    → <<cset aab212e71cc0>>
