That certainly takes care of the registry conflict problem, thanks.
I'm a little confused, however, and uncertain if that changes the syntax in
a way that maybe wasn't intended?
-09 had:
cnf
OPTIONAL. This field contains information about the proof-of-
possession key that binds the client to the access token. Values
of this parameter follow the syntax of the "cnf" claim from
section 3.1 of [I-D.ietf-ace-cwt-proof-of-possession]. See
Section 5 for additional discussion of the usage of this
parameter.
while -10 has:
Furthermore the AS can use the "cnf" parameter specified in section
9.4 of [I-D.ietf-oauth-mtls] in an introspection response. For CBOR-
based interactions the AS MUST use the parameter mapping specified in
Figure 5.
So in -09 the "cnf" Introspection Response Parameter was the following the
syntax of the "cnf" claim from PoP Key Semantics for CWTs
[ID.ietf-ace-cwt-proof-of-possession] and in -10 it's following the syntax
of PoP Key Semantics for JWTs [RFC7800] transitively via
[I-D.ietf-oauth-mtls] reference. I think I understand that the two PoP key
semantics documents are conceptually the same or similar. But I don't know
that the syntax is the same? Figure 5
<https://tools.ietf.org/html/draft-ietf-ace-oauth-params-10#section-6> is
pointed to for mapping between CBOR and JSON but it only has mappings for
the main top level parameters. Maybe I just don't get it or am missing
something...
On Tue, Jan 7, 2020 at 12:46 PM Ludwig Seitz <ludwig_se...@gmx.de> wrote:
> On 2019-12-23 22:32, Brian Campbell wrote:
> > The OAuth Token Introspection Response registry
> > <
> https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-introspection-response
> >
> > already has an entry for "cnf", which makes the first request in
> > https://tools.ietf.org/html/draft-ietf-ace-oauth-params-07#section-9.4
> > rather problematic.
> >
>
> OAuth beats us on the finish line again :-(
>
> I have updated the draft to remove the registration and refer to the
> MTLS draft.
>
> /Ludwig
>
>
--
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately
by e-mail and delete the message and any file attachments from your
computer. Thank you._
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
