As I said, I have not fully thought it out. A better way to state this might be - this token uses the same key as rather than implying overriding.

-----Original Message-----
From: Olaf Bergmann <[email protected]>
Sent: Sunday, May 17, 2020 11:32 PM
To: Jim Schaad <[email protected]>
Cc: 'Francesca Palombini' <[email protected]>; 'Ace Wg' <[email protected]>
Subject: Re: [Ace] Update of access rights

Hi Jim,

Jim Schaad <[email protected]> writes:

> define a new claim which says - This token supersedes the token(s)
> with CWTID values of "x", "y" and "z".

Isn't this the same as token revocation with all its implications? I would prefer strict token ordering combined with a sound revocation mechanism.

In both scenarios, you would still have the issue that the client forwards the superseding token/revocation message if it has a benefit from doing so.

Grüße
Olaf
