OAuth 2.0 Proof-of-Possession (PoP) Security Architecture
2016
The OAuth 2.0 bearer token specification, as defined in RFC 6750,
allows any party in possession of a bearer token (a "bearer") to get
access to the associated resources (without demonstrating possession
of a cryptographic key). To prevent misuse, bearer tokens must be
protected from disclosure in transit and at rest. Some scenarios
demand additional security protection whereby a client needs to
demonstrate possession of cryptographic keying material when accessing
a protected resource. This document motivates the development of the
OAuth 2.0 proof-of-possession security mechanism.