Phil Hunt on Tokens
This week, Phil Hunt posted a good educational piece about tokens, entitled “Standards Corner: Tokens. Can You Bear It?”. He focuses on how tokens are used in message authentication and explains the differences between bearer tokens and proof tokens, including the implications of each. He describes how the IETF OAuth Working Group is now working on requirements for Holder-of-Key tokens (aka proof tokens) to address how web sites that accept tokens should consider risks of compromise.
Thanks, Phil, for an instructive post.