On 2023-10-27, at 16:59, Michael Jones <[email protected]> wrote: > > Just like JWTs and CWTs, the CWT Claims Set in the header parameter is a data > structure. It's the applications using them that profile them to use > particular claims and assign them specific semantics in their context. An > OpenID Connect ID Token defines semantics for a particular kind of JWT, just > like STIR defines semantics for other kinds of JWTs. SCITT is assigning > semantics to a particular use of the CWT Claims header parameter.
Hmm, that sounds like a recipe for cross-protocol attacks. Grüße, Carsten _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
