Hi Cigdem,

Is that for the PCT? The RPT and PAT are OAuth 2 tokens, so would be separately covered by the specs for OAuth 2 PoP, so I wouldn't have thought we need to say much about that. Not sure how PoP would work with the permission ticket.

Cheers,
James

On 18 October 2016 at 09:20, Cigdem Sengul <Cigdem.Sengul@nominet.uk> wrote:

Hello,

Eve suggested that I start the discussion about this in the list.

Regarding the security concerns about the bearer tokens in the draft, I was curious whether it is worth mentioning Proof-of-Possession (PoP) tokens.

In addition, RFC 6750 recommendations may also be referred to in the draft.

Thanks,

--Cigdem


_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma