Thanks, Vladimir. How would they be secured then? With the current threat landscape, it seems odd that we would be putting forth a method that is not secured? Does this rely on transport for security?
On Thu, Apr 17, 2014 at 12:57 PM, Vladimir Dzhuvinov < [email protected]> wrote: > Hi Kathleen, > > > > Section 3.6 - Can you explain why would this be included? If you are > not going to sign, I am not sure why one would use JOSE at all. > > > > Perhaps the most popular application of JWS today is to construct JSON > Web Tokens (JWT), such as the ID tokens in OpenID Connect. The JWT spec > permits plain tokens that don't have a signature and this is enabled by > the special case "none" alg in JWS. > > Plaintext JWTs are explained here: > > http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#section-6 > > > Vladimir > > -- Best regards, Kathleen
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
