Jim, Ben, Jim Schaad <[email protected]> writes:
[decrypted access_token as HKDF input] >> Now you have lost me. The innermost COSE wrapping layer would be the one in >> the contents of the cnf claim, given that we do not invent claims that also >> can >> include COSE structures? > > Yes this is the binary string that holds the claims. It would be > possible to have multiple COSE layers - i.e. encrypt and signing > layers, and you would want to make sure that you agree on where you > are pulling the content. I understand. I got a bit confused because when using key derivation, the access token does not necessarily have to be encrypted. > Using the token itself however is fine and you don't need to try and deal > with this. Actually, I would prefer that. For some reason, I was under the impression that the access token needs to be decrypted before key derivation can be done. Maybe this was in the very first version where only the kid was used as input. Grüße Olaf _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
