Securing Requests: For real-world libraries and reference servers, what should be the sane defaults? #28
joshfischer1108 started this conversation in General
In reference to Securing Requests from the Client Instance
What should be the defaults?
Default to bound tokens with HTTP Message Signatures for both RS calls and AS grant negotiation, with bearer as explicit opt-in, or something else?
For AS initiation, do you favor httpsig or jwsd in practice, and why? Any pitfalls with headers, proxies, or content hashing?