Commenting as identity enthusiast as opposed to WIMSE co-chair
DPoP allows for inclusion of claims about the HTTP Method and URI of the recipient to avoid spurious re-use or re-purposing of the proof. Is this achieved through the aud claim, or do we need additional provisions/extensions for this in the Workload Proof Token.
Commenting as identity enthusiast as opposed to WIMSE co-chair
DPoP allows for inclusion of claims about the HTTP Method and URI of the recipient to avoid spurious re-use or re-purposing of the proof. Is this achieved through the aud claim, or do we need additional provisions/extensions for this in the Workload Proof Token.