you should use a confidential channel that only intended parties can read
- Chapter 2: Security by Design
- from Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE
- Publisher: Apress
- Released: August 2014
Wrong. Confidentiality protection is not necessary for integrity, and vice versa. You can actually run TLS with no encryption, but still have integrity protection.
Share this highlighthttp://www.safaribooksonline.com/a/advanced-api-security/12553031/