!!! Overview
[{$pagename}] is defined in an [Internet Draft] ([https://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-04|https://tools.ietf.org/html/draft-hunt-oauth-pop-architecture-04|target='_blank'])

The [OAuth 2.0] [Bearer Token] specification, as defined in [RFC 6750], allows any party in possession of a [Bearer Token] (a "bearer") to get access to the associated [Protected Resource].  To prevent misuse, a [Bearer Token] must be protected from disclosure in [transit|Data In Transit] and at [rest|Data At Rest].

The [{$pagename}] security concept extends [Bearer Token] security and requires the client to demonstrate possession of a [key] when accessing a [Protected Resource].

Some scenarios demand additional security protection whereby a client needs to demonstrate possession of cryptographic keying material when accessing a protected resource.  This document motivates the development of the OAuth 2.0 proof-of-possession security mechanism.


[{$pagename}] outlines:
* use cases requiring stronger security protection
* security and privacy threats
* different ways to mitigate those threats
* requirements of the architecture
* threat mitigation
* an architecture for a solution that builds on top of the existing [OAuth 2.0] framework

[{$pagename}] is a [Proof-of-Possession] Architecture for [OAuth 2.0].


[Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)] ([RFC 7800]) describes how a [JSON Web Token] ([JWT]) can declare that the presenter of the [JWT] possesses a particular [Proof-of-Possession] ([PoP]) key and that the recipient can [cryptographically|cryptography] confirm [Proof-of-Possession] of the key by the presenter.
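The following worked example is added to this page and is not code from the Internet Draft or from [RFC 7800]; it illustrates both the PoP idea described above (the client must demonstrate possession of a key, so a token on its own is not enough) and the [RFC 7800] ''cnf'' claim. It assumes the ''kid'' form of ''cnf'' (the Resource Server already knows the client's key by identifier), HS256 for the Authorization Server's signature, and a constructed request-binding format (method, URL, token hash and timestamp MACed with the PoP key) that the draft does not define. All keys and values are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed secrets for the example; in a deployment the AS signing key is shared
# only between the Authorization Server and the Resource Server, and the PoP key is
# generated by the client.
AS_SIGNING_KEY = b"constructed-authorization-server-hs256-key"
RS_POP_KEYS = {}  # kid -> PoP key the Resource Server can look up (RFC 7800 "kid" form of cnf)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_pop_token(subject, audience, pop_key, kid, now):
    """Authorization Server: issue an HS256 JWT whose 'cnf' claim binds it to the client's PoP key."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": "https://as.example", "sub": subject, "aud": audience,
               "iat": now, "exp": now + 300, "cnf": {"kid": kid}}
    signing_input = ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, payload))
    signature = hmac.new(AS_SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    RS_POP_KEYS[kid] = pop_key  # stands in for out-of-band key distribution to the RS
    return signing_input + "." + b64url(signature)


def verify_jwt(token, audience, now):
    """Resource Server: check the AS signature, algorithm, audience and expiry; return claims or None."""
    try:
        h, p, s = token.split(".")
        expected = hmac.new(AS_SIGNING_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None
        if json.loads(b64url_decode(h)).get("alg") != "HS256":
            return None
        claims = json.loads(b64url_decode(p))
    except ValueError:  # bad structure, bad base64url, or bad JSON
        return None
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None
    return claims


def make_pop_proof(pop_key, method, url, token, timestamp):
    """Client: demonstrate possession by MACing the request, the token hash and a timestamp
    with the PoP key (a constructed binding format, not one from the draft)."""
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    message = "\n".join([method, url, token_hash, str(timestamp)]).encode()
    return b64url(hmac.new(pop_key, message, hashlib.sha256).digest())


def rs_authorize(token, proof, method, url, timestamp, audience, now, max_skew=60):
    """Resource Server: accept the request only if the token is valid AND the presenter
    proves possession of the key named in its 'cnf' claim."""
    claims = verify_jwt(token, audience, now)
    if claims is None:
        return False
    cnf = claims.get("cnf")
    pop_key = RS_POP_KEYS.get(cnf.get("kid")) if isinstance(cnf, dict) else None
    if pop_key is None:
        return False  # token is not key-bound, or the key is unknown: refuse bearer-style use
    if abs(now - timestamp) > max_skew:
        return False  # stale proof: limits replay of a captured request
    expected = make_pop_proof(pop_key, method, url, token, timestamp)
    return hmac.compare_digest(expected, proof)


def demo():
    """Run the exchange once and report which requests the RS accepts."""
    now = 1_700_000_000
    rs = "https://rs.example"
    client_key = b"constructed-client-pop-key"
    token = issue_pop_token("alice", rs, client_key, "client-key-1", now)
    proof = make_pop_proof(client_key, "GET", rs + "/data", token, now)
    return {
        "legitimate_client": rs_authorize(token, proof, "GET", rs + "/data", now, rs, now),
        # the token alone, presented by someone who does not hold the PoP key
        "token_without_key": rs_authorize(token, make_pop_proof(b"guess", "GET", rs + "/data", token, now),
                                          "GET", rs + "/data", now, rs, now),
        # a captured proof replayed against a different resource
        "proof_replayed_elsewhere": rs_authorize(token, proof, "GET", rs + "/other", now, rs, now),
        # a captured proof replayed after the skew window has passed
        "proof_replayed_late": rs_authorize(token, proof, "GET", rs + "/data", now, rs, now + 120),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Only the first request in ''demo()'' is accepted: the token verifies in every case, but without the PoP key the presenter cannot produce a proof for the request, and a captured proof is tied to one URL and one time window. This is the property that distinguishes a key-bound token from a [Bearer Token], which would have been accepted in all four cases.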


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]