ace-wg / mqtt-tls-profile

Document for MQTT-TLS-profile

Fix mandatory to implement #86

Closed (ciseng closed 2 years ago)

ciseng commented 3 years ago

AD-Review 05/08/2021 Action: Implement the comment.

Original draft: To authenticate the Client, the RS validates the signature or the MAC, depending on how the PoP protocol is implemented. HS256 (HMAC-SHA-256) [RFC6234] and Ed25519 [RFC8032] are mandatory to implement depending on the choice of symmetric or asymmetric validation.

Comment: I think there is a decent argument (and that it's likely some other AD will make it) that we need to make both HS256 and Ed25519 mandatory to implement for the Broker, leaving only clients with the choice. Otherwise we can get into scenarios where interop is impossible.

ciseng commented 3 years ago

Clarified both must be implemented by the Broker, and Client MUST implement at least one.

kaduk commented 2 years ago

I think this is fixed in the -13.
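
The requirement settled in this issue (the Broker implements both HS256 and Ed25519, the Client at least one), as an added Go example that is not part of the thread, the draft or the project's code. The `PoPKey` type, the function names and the challenge bytes are assumptions; the thread does not say what content the proof covers.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PoPKey is the proof-of-possession key the Broker holds for one Client.
// The struct and its field names are assumptions made for this example.
type PoPKey struct {
	Alg    string            // "HS256" or "Ed25519"
	Secret []byte            // shared key, HS256 only
	Public ed25519.PublicKey // Client public key, Ed25519 only
}

var ErrUnsupportedAlg = errors.New("unsupported PoP algorithm")

// MacHS256 is what a symmetric-key Client computes over the challenge.
func MacHS256(secret, challenge []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(challenge)
	return m.Sum(nil)
}

// SignEd25519 is what an asymmetric-key Client computes; seed must be 32 bytes.
func SignEd25519(seed, challenge []byte) ([]byte, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(seed)
	return ed25519.Sign(priv, challenge), priv.Public().(ed25519.PublicKey)
}

// VerifyPoP is the Broker side: both algorithms are supported, so a Client
// that implements only one of them can still authenticate.
func VerifyPoP(k PoPKey, challenge, proof []byte) (bool, error) {
	switch k.Alg {
	case "HS256":
		if len(k.Secret) == 0 {
			return false, errors.New("HS256 key missing")
		}
		return hmac.Equal(MacHS256(k.Secret, challenge), proof), nil // constant-time compare
	case "Ed25519":
		if len(k.Public) != ed25519.PublicKeySize { // ed25519.Verify panics on a wrong-length key
			return false, errors.New("Ed25519 public key has wrong length")
		}
		return ed25519.Verify(k.Public, challenge, proof), nil
	}
	return false, ErrUnsupportedAlg
}

func main() {
	ch := []byte("constructed challenge bytes")
	sig, pub := SignEd25519(make([]byte, ed25519.SeedSize), ch) // constructed all-zero seed, demo only
	ok, _ := VerifyPoP(PoPKey{Alg: "Ed25519", Public: pub}, ch, sig)
	fmt.Println("Ed25519-only client accepted:", ok)
}
```
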