Technical Summary
This document describes an architecture extending OAuth 2.0 security,
which is today based on the use of bearer tokens (defined in RFC 6750).
Some scenarios demand additional security protection whereby a client
needs to demonstrate possession of cryptographic keying material when
accessing a protected resource. This document motivates the development
of the OAuth 2.0 proof-of-possession security mechanism.
This specification is an Informational RFC describing the architecture
and requirements.
Working Group Summary
The document was initially developed by a design team and then accepted
by the working group. There is strong consensus behind this work.
Document Quality
Implementations are planned for the follow-up documents.
This is an architecture draft.
Personnel
The document shepherd is Kepeng Li.
The responsible Area Director is Kathleen Moriarty.