> -----Original Message-----
> From: Ace <[email protected]> On Behalf Of Ludwig Seitz
> Sent: Thursday, February 7, 2019 11:33 PM
> To: Hannes Tschofenig <[email protected]>; [email protected]; ace-
> [email protected]
> Subject: Re: [Ace] Resource, Audience, and req_aud
>
> On 07/02/2019 17:12, Hannes Tschofenig wrote:
> > Hi Ludwig,
> >
> >> What I understood from the feed-back is that using a parameter called
> >> "aud" in a request to the token endpoint would be interpreted as a
> >> restriction on the audience of authorization servers that are
> >> addressed by this request.
> >
> > I am not talking about a parameter called 'aud'. Take a look at the
> > token exchange spec -- the parameter is called 'audience'. 'aud' is
> > the name of the claim.
> >
> > Ciao Hannes
> >
> >
>
> Ok I see, I had that mixed up.
>
> Let me just note that having an "audience" parameter and an "aud"
> parameter (which is also referred to as 'audience') is not ideal when one
> wants to avoid confusion.
>
> It seems the token-exchange draft is quite advanced, so referring to its
> "audience" parameter instead of defining "req_aud" (with more or less the
> same semantics) seems reasonable to me.
>
> Do the chairs think that this would unduly delay the progress of draft-ietf-
> ace-oauth-params?
It looks like the are about the same point as we are. So no I don't think it
would slow things down to make this change.
Jim
>
> /Ludwig
>
>
> --
> Ludwig Seitz, PhD
> Security Lab, RISE
> Phone +46(0)70-349 92 51
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
