On 2018-05-10 22:00, Mike Jones wrote:
FYI, I haven’t seen any discussion on my review comment that these values should be registered as CWT claims if continued alignment of values is desired. Certainly the draft hasn’t done that. *Do people see this alignment as valuable?*
Everything that is used as CWT claim is also registered as such, if it is not already registered. In our case that is just the "scope" claim (we will be adding a "profile" claim in the next iteration).
However there are also OAuth token endpoint parameters and OAuth introspection parameters, that partially have the same names as CWT claims (and the same meaning). Those are registered in other respective registries.
I have aligned the CBOR abbreviations for both claims and parameters of the same name (we obviously don't want an "aud" parameter in the access token request that abbreviates to 4 and an "aud" claim in a CWT that abbreviates to 5).
Do you see any concrete mismatch in the current registrations? The IANA section has grown pretty large and an error might have slipped past our vigilance.
/Ludwig -- Ludwig Seitz, PhD Security Lab, RISE SICS Phone +46(0)70-349 92 51 _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
