Hello ACE,

Since I haven’t heard an objection, I will go forward and add this to the draft.

Regards,

Ludwig

From: Daniel Migault <mglt.i...@gmail.com>
Sent: 17 August 2021 17:25
To: Ludwig Seitz <ludwig.se...@combitech.com>
Cc: ace@ietf.org
Subject: Re: [Ace] Missing Introspection parameter in draft-ietf-ace-oauth-authz

Thanks Ludwig for raising the question. If anyone has an objection, please 
express your concern by August 24. Expressing support is also more than welcome!

Yours,
Daniel

On Tue, Aug 17, 2021 at 10:24 AM Ludwig Seitz <ludwig.se...@combitech.com> wrote:
Hello ACE,

I want to raise one issue for group comments that has come up in conjunction 
with fixing the IANA nits for draft-ietf-ace-oauth-authz:
In figure 16 we define mappings from OAuth Token introspection parameters to 
CBOR abbreviations. These parameters (should) correspond to the claims that 
could be found in e.g., a CWT.
CWT renamed one token claim, namely 'jti' (JWT ID) into 'cti' for CWT ID. 
However, this is not reflected in the registered Introspection parameters
(https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-introspection-response)
where only 'jti' is registered. This was overlooked when we originally defined 
the mappings in figure 16.

I would therefore put the following question to the group:

Does anyone object to this draft adding 'cti' as an OAuth introspection 
parameter?

The corresponding text would go into the list of additional parameters in 
section 5.9.2 and be something along the lines of:
"cti  OPTIONAL.  The CWT ID parameter has the same meaning and processing rules 
as the "jti" parameter defined in section 3.1.2. of [RFC 7662] except that the 
value is a byte string."

Regards,

Ludwig

--
Ludwig Seitz
Infrastructure Security Analyst
Combitech AB
Djäknegatan 31 . SE-211 35 Malmö . Sweden
Phone: +46 102 160 846


_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace


--
Daniel Migault
Ericsson