Hello ACE, I want to raise one issue for group comments that has come up in conjunction with fixing the IANA nits for draft-ietf-ace-oauth-authz: In figure 16 we define mappings from OAuth Token introspection parameters to CBOR abbreviations. These parameters (should) correspond to the claims that could be found in e.g., a CWT. CWT renamed one token claim, namely 'jti' (JWT ID) into 'cti' for CWT ID. However, this is not reflected in the registered Introspection parameters (https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-introspection-response) where only 'jti' is registered. This was overlooked when we originally defined the mappings in figure 16.
I would therefore put the following question to the group: Does anyone object to this draft adding 'cti' as an OAuth introspection parameter? The corresponding text would go into the list of additional parameters in section 5.9.2 and be something along the lines of: "cti OPTIONAL. The CWT ID parameter has the same meaning and processing rules as the "jti" parameter defined in section 3.1.2. of [RFC 7662] except that the value is a byte string. " Regards, Ludwig -- Ludwig Seitz Infrastructure Security Analyst Combitech AB Djäknegatan 31 . SE-211 35 Malmö . Sweden Phone: +46 102 160 846 [email protected] . combitech.com This e-mail is private and confidential between the sender and the addressee. In the event of misdirection, the recipient is prohibited from using, copying or disseminating it or any information in it. Please notify the above of any such misdirection Please consider the environment before printing this e-mail! _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
