We are doing all of this in response to a draft? Why can you not fix the draft and put the OAuth parameters in a sub map so there is no collisions?
Jim > -----Original Message----- > From: Mike Jones <[email protected]> > Sent: Tuesday, August 28, 2018 9:45 AM > To: Ludwig Seitz <[email protected]>; Samuel Erdtman <[email protected]>; > Jim Schaad <[email protected]> > Cc: [email protected] > Subject: RE: [Ace] Parameter abbreviation number ranges for draft-ietf-ace- > oauth-authz > > Especially in light of the possibility of signed requests along the lines of > https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-16, I believe that all the ACE > OAuth parameters should be registered as CWT claims. I'll repeat my request, > wearing my designated expert hat, that application-specific values not be > requested for registration in the one-byte ranges. The one-byte values should > be saved for claims that are likely to span multiple kinds of applications. > > -- Mike > > -----Original Message----- > From: Ace <[email protected]> On Behalf Of Ludwig Seitz > Sent: Monday, August 27, 2018 11:44 PM > To: Samuel Erdtman <[email protected]>; Jim Schaad > <[email protected]> > Cc: [email protected] > Subject: Re: [Ace] Parameter abbreviation number ranges for draft-ietf-ace- > oauth-authz > > On 2018-08-27 18:39, Samuel Erdtman wrote: > > +1 on pushing up error_description and error_uri > > > > I think client_id might be worth keeping low since it is often used > > even when in combination with client_secret. See OAuth Mtls as an example. > > On Mon, 27 Aug 2018 at 18:20, Jim Schaad <[email protected] > > <mailto:[email protected]>> wrote: > > > > Note that the 1 byte range is 0-23 > > Currently in the 1 byte uint range we have 20-23 left unused > > We could start assigning negative integer values in the 1 byte range if needed. > > > /Ludwig > > -- > Ludwig Seitz, PhD > Security Lab, RISE SICS > Phone +46(0)70-349 92 51 > > _______________________________________________ > Ace mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ace _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
