Torsten Lodderstedt

icon indicating an email [email protected]

Results 30 issues of Torsten Lodderstedt

Add support for OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens

16 comment

**Expected Behavior** Support for RFC 8705 would allows clients to authenticate using TLS certificates and to bind access tokens to such certificates. **Current Behavior** Addition of client authentication with public...

type: enhancement

constraints

8 comment

Hi, we come across some issues with the way the constraints element. In my opinion, it mixes expressions for filtering Credentials with a definition of the claims a verifier wants...

editorial

erroneous in presentation_definition JSON Schema

12 comment

Hi, references ```json "filter": { "$ref": "http://json-schema.org/schema#" } ``` in lines 190, 203 and 222 of test/presentation-definition/schema.json cannot be resolved by a JSON schema parser. What is the meaning? I'm...

Add more security sensitive examples to intro to illustrate suitability

A bit about OAuth adoption in scenarios beyond its original scope (e.g. Open Banking).

1.2. Protocol Flow - figure 1 is misleading

2 comment

In a discussion with OAuth implementers the following issue was raised: The first messages of the flow show that the client obtains the grant from the resource owner and passes...

Replace SD-JWT VC profile by reference to definitions in OID4VCI and OID4VP

first paragraph section 8 needs clarification

What is the meaning of the first list (e.g. SD-JWT VC)? I guess it is a list of the places where ES256 must be used. I suggest to spell that...

replace cryptographic_binding_methods_supported 'did:example' value by 'jwk`

define typ value wallet-attestation+jwt

register PE values with DIF Claim format Registry