I have received a fair amount of feedback about my draft, which I have incorporated into a new version which I have just posted.
Reviewers, I very much appreciate all of the feedback provided both in person and via various chat formats, but if I could ask that you please post your thoughts here on the list as well.

The new version fixes some straightforward errors, including spelling and grammar mistakes as well as incorrect references. The major change is, however, the definition of JWT claims in addition to CWT claims. Several folks indicated that this was desirable for both library and consistency reasons, so I have updated the document to include them.

However... this does expose a potential problem that will require fixing: the definition of "crit" for JWTs was provided in the OpenID document, which doesn't address acceptability. It has several "MUST NOT produce" clauses that do not indicate invalidity if violated. We can potentially require profilers to define how they handle this, but we can't really edit OpenID's definition. Having different definitions for crit between JWT and CWT also seems undesirable.

Reviewers are invited here, to the list, to provide feedback on this topic. :)

On Tue, Jan 13, 2026 at 11:05 AM Ivaylo Petrov <[email protected]> wrote:
>
> Dear all,
>
> During IETF 124, several people volunteered to review
> draft-lemmons-cose-composite-claims to help gather feedback before we proceed
> with the next steps. Please remember to submit your reviews at your earliest
> convenience. Your help is much appreciated!
>
> Thanks,
> -- Mike & Ivo
