Hello,

 

Eve suggested that I start the discussion about this in the list.

 

Regarding the security concerns about the bearer tokens in the draft, I was curious whether it is worth mentioning Proof-of-Possession (PoP) tokens.  

 

In addition, RFC 6750 recommendations may also be referred to in the draft.

 

Thanks,

--Cigdem