The OAuth 2.0 Authorization Framework: JWT Pop Token Usage
draft-sakimura-oauth-jpop-04

Document Type Expired Internet-Draft (individual)
Last updated 2017-09-28 (latest revision 2017-03-27)
Replaces draft-sakimura-oauth-rjwtprof
Stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-sakimura-oauth-jpop-04.txt

Abstract

This specification describes how to use JWT POP (Jpop) tokens that were obtained through [POPKD] in HTTP requests to access OAuth 2.0 protected resources. Only the party in possession of the corresponding cryptographic key for the Jpop token can use it to get access to the associated resources. This is unlike the bearer token described in [RFC6750], where any party in possession of the access token can access the resource.

Authors

Nat Sakimura (n-sakimura@nri.co.jp)
Kepeng Li (kepeng.lkp@alibaba-inc.com)
John Bradley (ve7jtb@ve7jtb.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)