If you had to secure requests to an authorization server, how would you do it?


In reference to Securing Requests from the Client Instance

What should be the defaults?

  • Default to bound tokens with HTTP Message Signatures for both RS calls and AS grant negotiation, with bearer as explicit opt-in, or something else?

  • For AS initiation, do you favor httpsig or jwsd in practice, and why? Any pitfalls with headers, proxies, or content hashing?
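As an added illustration (not part of the original post) of what an httpsig-style proof actually binds, here is a minimal RFC 9421 signer and verifier in Python over a constructed GNAP grant request. The AS URL, key id and shared secret are assumptions; HMAC-SHA256 is used only to keep the example standard-library-only, whereas a real GNAP client instance signs with its own private key. The verifier shows the pitfalls the question raises: the body is bound through a recomputed Content-Digest (RFC 9530), the authority and path that proxies tend to rewrite are covered components, header names are lowercased and values trimmed before signing, and a `created` window limits replay.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values: the AS endpoint and key id are assumptions, not from the post.
AS_URL = "https://as.example/gnap"
KEY_ID = "client-key-1"
# HMAC keeps this example stdlib-only; a real GNAP client instance signs with
# its own private key (an asymmetric key referenced by keyid).
SHARED_SECRET = b"demo-shared-secret"
COVERED = ["@method", "@authority", "@path", "content-digest"]


def content_digest(body: bytes) -> str:
    """RFC 9530 Content-Digest value: sha-256 over the exact body bytes."""
    return "sha-256=:" + base64.b64encode(hashlib.sha256(body).digest()).decode() + ":"


def signature_base(method, url, headers, covered, params):
    """RFC 9421 signature base: one line per covered component, then @signature-params."""
    parts = urlsplit(url)
    derived = {
        "@method": method.upper(),
        "@authority": parts.netloc.lower(),
        "@path": parts.path or "/",
    }
    # Field names are lowercased and values whitespace-trimmed before signing,
    # so a proxy that re-cases a header name does not break verification.
    fields = {k.lower(): v.strip() for k, v in headers.items()}
    lines = [f'"{name}": {derived[name] if name.startswith("@") else fields[name]}'
             for name in covered]
    lines.append(f'"@signature-params": {params}')
    return "\n".join(lines).encode()


def sign_request(method, url, headers, body, created, secret=SHARED_SECRET, label="sig1"):
    """Client side: return headers carrying Content-Digest, Signature-Input and Signature."""
    headers = dict(headers)
    headers["Content-Digest"] = content_digest(body)
    inner = " ".join(f'"{c}"' for c in COVERED)
    params = f'({inner});created={created};keyid="{KEY_ID}";alg="hmac-sha256"'
    mac = hmac.new(secret, signature_base(method, url, headers, COVERED, params), hashlib.sha256)
    headers["Signature-Input"] = f"{label}={params}"
    headers["Signature"] = f"{label}=:{base64.b64encode(mac.digest()).decode()}:"
    return headers


def verify_request(method, url, headers, body, now, secret=SHARED_SECRET, max_age=300):
    """AS side: returns (ok, reason) so each failure mode is visible."""
    fields = {k.lower(): v for k, v in headers.items()}
    try:
        label, params = fields["signature-input"].split("=", 1)
        sig_label, sig_value = fields["signature"].split("=", 1)
    except (KeyError, ValueError):
        return False, "missing signature headers"
    if sig_label != label:
        return False, "signature label mismatch"
    # Recompute the digest from the body that actually arrived: a signature over
    # Content-Digest proves nothing if the header value is taken on trust.
    if fields.get("content-digest") != content_digest(body):
        return False, "content-digest mismatch"
    covered = [c.strip('"') for c in params[params.index("(") + 1:params.index(")")].split()]
    for required in COVERED:
        if required not in covered:
            return False, f"{required} not covered"
    kv = dict(p.split("=", 1) for p in params.split(";")[1:])
    if abs(now - int(kv["created"])) > max_age:
        return False, "signature too old"
    if kv.get("keyid", "").strip('"') != KEY_ID:
        return False, "unknown keyid"
    expected = hmac.new(secret, signature_base(method, url, headers, covered, params),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.b64decode(sig_value.strip(":"))):
        return False, "bad signature"
    return True, "ok"


def demo():
    """Sign a constructed grant request, then verify it intact, with an altered body,
    with a rewritten path, and after the replay window has passed."""
    body = b'{"access_token":{"access":["photos"]},"client":{"key":"client-key-1"}}'
    signed = sign_request("POST", AS_URL, {"Content-Type": "application/json"}, body,
                          created=1700000000)
    return (
        verify_request("POST", AS_URL, signed, body, now=1700000010),
        verify_request("POST", AS_URL, signed, body + b" ", now=1700000010),
        verify_request("POST", AS_URL + "/other", signed, body, now=1700000010),
        verify_request("POST", AS_URL, signed, body, now=1700001000),
    )


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The verifier deliberately checks the digest and the covered-component list before touching the signature: a signature that omits `content-digest` or `@authority` is well-formed but binds nothing useful, and an AS that accepts it leaves the body and host open to rewriting in transit.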
