Slide 16
Slide 16 text
XYZ vs XAuth
Client Authentication
• XYZ: Clientdetached JWS, DPoP, OAuth PoP, HTTP Sig, MTLSͳͲ
ͷʮҰൠతͳʯํ๏Λͬͯbound keysͷuseΛূ໌͢ΔɻRSʹ
͍ͭͯಉ༷ʹରԠ͍ͯ͠Δkey binding mechanismΛར༻͢
Δɻ
• XAuth: ClientXYZͱಉ༷ʹbound keysͷuseΛGSͷauth
mechanismͰূ໌͢Δ͕ɺσϑΥϧτJOSEΛ༻͍Δ
ɻRSͷΞΫηεOAuth 2.0ಉ༷Bearer tokenɻ֦ுՄ