1 Oct
2015
1 Oct
'15
10:11 a.m.
UMA-tarians, One of Gluu's customers has proposed using a JWT as the RPT token signed by the AS to avoid the call to the introspection API (for better performance). It didn't seem like a horrible idea, or anything that would break the security. Any thoughts? Am I wrong--is there some inherent security advantage to calling the introspection API? - Mike ------------------------------------- Michael Schwartz Gluu Founder / CEO