> -----Original Message-----
> From: Michael Richardson <mcr+i...@sandelman.ca>
> Sent: Thursday, October 4, 2018 6:45 AM
> To: Jim Schaad <i...@augustcellars.com>
> Cc: ace@ietf.org
> Subject: Re: [Ace] JWT + OAuth Request
>
>
> Jim Schaad <i...@augustcellars.com> wrote:
> > The OAuth group discovered a problem with some the names of our new
> > OAuth fields that was caused by the fact that they have an ID that
is
> > someplace between the IESG and the RFC Editor which introduced the
>
> Took a moment to realize that ID = Internet Draft, rather than being a
> reference a hash key id :-) (Which document is this?)
This is JWT Secured Authorization Request (JAR)
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq/
Jim
>
> > Why option 1 might be acceptable:
>
> ...
>
> > B. If a CWT version is this is really needed, perhaps we can get a
> > different design to be used. Specifically, create two new CWT
claims:
> > "oauth_req", "oauth_resp" and then place the OAuth parameters in
those
> > fields and not make them CWT claims. I am sure that there would be
> > complaints about this, but much as COSE fixed problems that it saw
as
> > being wrong, the WG could do the same thing.
>
> I prefer this solution, but I feel unsufficiently informed about how the
above ID
> might come back to bite us.
>
> (I can live with combining registries)
>
> --
> Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -
> = IPv6 IoT consulting =-
>
>
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
