I did not do a full in-depth research on this topic, but it looks like my AD review of what became RFC 9200 (https://mailarchive.ietf.org/arch/msg/ace/k5RzWwmuawvczrHN88JoE3vbH78/) noted that what-became-RFC8693 had already gotten "scope" registered in the JWT claims registry, so that RFC 9200 could not attempt to register it in that registry as well. I suspect that a botched edit caused that reference to be used in the CWT claims registry as well, in which case an erratum should be filed against 9200 -- if verified, that should be enough for IANA to change the entry in the live registry.
-Ben On Sun, Jan 28, 2024 at 05:13:07PM -0700, Brian Campbell wrote: > It took a bit of looking but Neil is correct and that some other document > is RFC9200: > > https://datatracker.ietf.org/doc/html/rfc9200#name-cbor-web-token-claims > (last one in that section) > > which doesn't seem quite right. I would have expected the entry in the > registry to point back to RFC9200, especially because it has details about > the CWT scope claim (e.g., claim key value and additional binary encoding > value) that are definitely not in RFC8693. But that seems to explain the > state of that entry in the registry anyway. > > On Wed, Jan 24, 2024 at 11:45 AM Neil Madden <neil.e.mad...@gmail.com> > wrote: > > > RFC8693 didn't register anything for CWT at all. Some other document has > > registered scope for CWT and pointed at that RFC as the reference for some > > reason. > > > > -- Neil > > > > On 24 Jan 2024, at 18:37, Orie Steele <orie@transmute.industries> wrote: > > > > I'm working on a document that has some similarity to EAT from RATS, in > > that it is trying to enable JWT and CWT to be used for a use case. > > > > Is there a reason that RFC8693 registers "scope" and "client_id" for JWT, > > but only "scope" for CWT ? > > > > - https://www.iana.org/assignments/jwt/jwt.xhtml > > - https://www.iana.org/assignments/cwt/cwt.xhtml > > > > How can I use "client_id" in CWT ? > > > > OS > > > > -- > > > > ORIE STEELE > > Chief Technology Officer > > www.transmute.industries > > <https://transmute.industries/> > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > > > -- > _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged > material for the sole use of the intended recipient(s). Any review, use, > distribution or disclosure by others is strictly prohibited. If you have > received this communication in error, please notify the sender immediately > by e-mail and delete the message and any file attachments from your > computer. Thank you._ > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
