  • UMA telecon 2019-11-21

Eve described the OAuth 2.1 proposal from the IETF 106 OAuth 1 session and its enthusiasm for code+PKCE (and a further set of protections). George is concerned about this being insufficient for mobile wallet-binding protection. Adrian echoes this concern. How to ensure trust when talking to the correct client (instance, not just class)?