This was done because, in CBOR, there is a way to distinguish between a string and a URL. This is lacking in JSON. I believe that the ability to not have to determine this heuristically is a good thing.
Jim From: Ace [mailto:[email protected]] On Behalf Of Samuel Erdtman Sent: Tuesday, October 31, 2017 2:42 AM To: Hannes Tschofenig <[email protected]> Cc: [email protected] Subject: Re: [Ace] CWT - Audience My guess is that this is an early mistake that has not been noticed, it has been like this from the first draft. I think the correct thing would be to change it so that CWT reflects JWT. //Samuel On Tue, Oct 31, 2017 at 10:27 AM, Hannes Tschofenig <[email protected] <mailto:[email protected]> > wrote: Hi all, in https://datatracker.ietf.org/doc/rfc7519/?include_text=1 (section 4.1.3), “aud” is defined for JWT as being an array of case-sensitive strings, or a single string. In https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/?include_text=1 (section 3.1.3), “aud” is defined for CWT as being like in JWT, but “the value is of type StringOrURI”. I was wondering how we arrived at this point where the CWT and the JWT differ in this regard. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ Ace mailing list [email protected] <mailto:[email protected]> https://www.ietf.org/mailman/listinfo/ace
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
