and that there are
some non-trivial advantages to carrying authorizations in-band.
Namely...
Independence between payload and security measures.
Piggybacking information on lower layers is a very old concept.
https was successful over shttp.
I think the patent is made by trolls. There seems to be
lots of evidence of prior art. Sending an OCSP
response as part of the TLS session setup
is a standard, where is the difference?
The current hacks to carry SAML assertions using an additional
HTTP connection are inefficient, mildly speaking.
The authz has technical problems.
I encourage the TLS working group members to
seriously treat the issue.
Peter Sylvester