Re: [Last-Call] [OAUTH-WG] Last Call: <draft-ietf-oauth-jwt-introspection-response-09.txt> (JWT Response for OAuth Token Introspection) to Proposed Standard

On Wed, Aug 26, 2020 at 4:37 AM Torsten Lodderstedt <torsten=40lodderstedt.net@xxxxxxxxxxxxxx> wrote:
> Hi Denis,
>
>> On 25. Aug 2020, at 16:55, Denis <denis.ietf@xxxxxxx> wrote:
>>
>> The fact that the AS will know exactly when the introspection call has been made and thus be able to make sure which client
>> has attempted to perform an access to that RS and at which instant of time. The use of this call allows an AS to track where and when
>> its clients have indeed presented an issued access token.
>
> That is a fact. I don’t think it is an issue per se. Please explain the privacy implications.

As I see it, the privacy implication is that the AS knows when the client (and potentially the user) is accessing the RS, which is also an indication of when the user is using the client.

I think including this implication would be important to have in a Privacy Considerations section.

/Dick