This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] is defined in an [Internet Draft] ([https://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-04|https://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-04|target='_blank']).
The [OAuth 2.0] [Bearer Token] specification, as defined in [RFC 6750], allows any party in possession of a [Bearer Token] (a "bearer") to get access to the associated [Protected Resource]. To prevent misuse, a [Bearer Token] must be protected from disclosure in [transit|Data In Transit] and at [rest|Data At Rest].
The [{$pagename}] security concept extends [Bearer Token] security and requires the client to demonstrate possession of a [key] when accessing a [Protected Resource].
Some scenarios demand additional security protection whereby a client needs to demonstrate possession of cryptographic keying material when accessing a protected resource. This document motivates the development of the OAuth 2.0 proof-of-possession security mechanism.
[{$pagename}]:
* outlines use cases requiring stronger security protection
* describes security and privacy threats
* proposes different ways to mitigate those threats
* lists requirements of the architecture
* discusses threat mitigation
* outlines an architecture for a solution that builds on top of the existing OAuth 2.0 framework
[{$pagename}] is a [Proof-of-Possession] Architecture for [OAuth 2.0].
[Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)] ([RFC 7800]) describes how a [JSON Web Token] ([JWT]) can declare that the presenter of the [JWT] possesses a particular [proof-of-Possession] ([PoP]) key and that the recipient can [cryptographically|cryptography] confirm [proof-of-Possession] of the key by the presenter.
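The difference between a bearer token and a key-bound token, as an added example that is not code from the Internet Draft or from RFC 7800. It uses the RFC 7800 {{cnf}} claim with its {{kid}} member; the nonce challenge, the HS256-signed token, and all key values and function names are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets

# Constructed sample keys (assumptions for this example).
AS_KEY = b"constructed-authorization-server-key"            # signs the JWT
POP_KEYS = {"client-key-1": b"constructed-client-pop-key"}  # kid -> PoP key known to the resource server

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub, kid):
    """Authorization server: bind the token to a key through the cnf claim."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps({"sub": sub, "cnf": {"kid": kid}}).encode())
    sig = hmac.new(AS_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64u(sig)}"

def verify_token(token):
    """Resource server: accept HS256 only, check the issuer signature, return the claims."""
    header, body, sig = token.split(".")
    if json.loads(b64u_dec(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(AS_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(sig)):
        raise ValueError("bad token signature")
    return json.loads(b64u_dec(body))

def new_nonce():
    """Resource server: fresh challenge per request, so an old proof cannot be replayed."""
    return secrets.token_bytes(16)

def client_proof(pop_key, nonce):
    """Client: demonstrate possession of the key by MACing the challenge."""
    return hmac.new(pop_key, nonce, hashlib.sha256).digest()

def resource_server_check(token, nonce, proof):
    """A valid token alone is not enough: the proof must match the key named in cnf."""
    claims = verify_token(token)
    key = POP_KEYS.get(claims.get("cnf", {}).get("kid"))
    if key is None:
        return False
    return hmac.compare_digest(client_proof(key, nonce), proof)
```

A party that captures only the token fails {{resource_server_check}}, whereas with a plain [Bearer Token] the captured token would be sufficient for access.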
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]