Hi all, with the CWT in WGLC (see https://www.ietf.org/mail-archive/web/ace/current/msg02190.html) a question arises about the desired content of the spec.
In ACE we have been focused on the use of use of proof-of-possession tokens. Currently, the worksplit between the the CWT and the ACE framework spec is as follows: * the CWT spec maps some of the JWT claims to CBOR but does not contain anything regarding PoP tokens. * the ACE framework provides the PoP-related components (see https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-06#section-5.5.4.5). Now, the question to the group is whether they are happy with this split. Another option would be to include the cnf claims needed for the PoP token functionality already in the CWT spec. Thoughts? Ciao Hannes
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
