Not having support for multiple audiences is semantically a non-starter. There
are some differences in CWT from JWT that are intentional (such as binary key
IDs) to better align CWT with COSE, but this particular divergence is
unacceptable.
My conclusion is that I will need read CWT line-by-line before Singapore and
compile a list of such problems that have somehow made it into the spec. I was
(apparently naively) assuming it was aligned, but apparently that's not the
case.
Thanks for catching this, Hannes!
-- Mike
-----Original Message-----
From: Ace [mailto:[email protected]] On Behalf Of Hannes Tschofenig
Sent: Tuesday, October 31, 2017 8:50 AM
To: Kathleen Moriarty <[email protected]>; Carsten Bormann
<[email protected]>
Cc: Samuel Erdtman <[email protected]>; [email protected]
Subject: Re: [Ace] CWT - Audience
> > I sure noticed the difference, but thought that this was an intended
> > simplification: simply not allowing audiences with multiple strings.
> I believe it was an intentional change, but am sure Jim and others can
> clarify.
The downside of that change is the following:
* Misalignment with the JWT, and
* If you want to use the CWT token with multiple audiences then you have to
request&create a new token for each audience.
Ciao
Hannes
IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended recipient,
please notify the sender immediately and do not disclose the contents to any
other person, use it for any purpose, or store or copy the information in any
medium. Thank you.
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
