Olaf Bergmann <bergm...@tzi.org> wrote:
>> +1 for making all the CWT-like structures into real CWTs.
> Not every key/value-pair encoded as CBOR is automatically a CWT. What
> happens here is that we are trying to force every protocol element that
> is required to solve an application-specific problem to fit into
> existing registered OAuth elements. As already pointed out by Mike, this
> does not work well because ACE is different from vanilla OAuth.
We tried at first to fit RFC8366 (vouchers) into JWTs (and thus CWTs for
constrained vouchers), but we found the OAuth claim statements too confusing
for what we were doing. We could have made it work, but it just felt wrong.
> The best solution I can imagine to conserve precious number space is to
> use the media type (Content-Format in CoAP) as differientiator and use
> CWT-numbers only for things that are CWTs
I would agree.
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
