I am researching Proof of Possession for API authentication as a means of reducing the impact of credential their:
https://ben3d.ca/blog/proof-of-possession-api-tokens
It's an important problem but how does this differ from TLS client certificates?
alt Hacker News
It's an important problem but how does this differ from TLS client certificates?