I thought the discussion from June had most people not needing encryption and an extra envelope. Given how Mike wrote this spec, it seems like supporting encryption with an extra envelope is possible, but shouldn't be required if all you're doing is signing.
On Sun, Sep 26, 2010 at 9:55 PM, Dick Hardt <[email protected]> wrote:
> Don't put the signature information in the token, put it in a separate
> component (an envelope) that describes how the token is either signed or
> encrypted. See discussion from June:
>
> http://www.ietf.org/mail-archive/web/oauth/current/msg03211.html
>
> On 2010-09-26, at 9:20 PM, Mike Jones wrote:
>
> I’d be open to a proposal for also supporting encryption. The draft was
> intended to be a starting point for productive discussion – not a finished
> product.
>
> Your thoughts?
>
> -- Mike
>
> *From:* Dick Hardt [mailto:[email protected]]
> *Sent:* Sunday, September 26, 2010 9:17 PM
> *To:* Mike Jones
> *Cc:* [email protected]
> *Subject:* Re: [OAUTH-WG] JSON Web Token (JWT) Specification Draft
>
> Did you intentionally decide not to support encrypting the token?
>
> On 2010-09-23, at 5:22 PM, Mike Jones wrote:
>
> Recognizing that there is substantial interest in representing sets of
> claims in JSON tokens, Yaron Goland and I have put together a draft JSON Web
> Token (JWT) spec for that purpose.
>
> To answer the obvious question, while this was produced independently of
> Dirk’s
> JSON token
> proposal<http://balfanz.github.com/jsontoken-spec/draft-balfanz-jsontoken-00.html>,
> both of us agree that we should come up with a unified spec. Consider this
> an additional point in the possible design space from which to start
> discussions and drive consensus. (If you read the two proposals, I think
> you’ll find that there’s already a lot in common, which is great.)
>
> Thanks to those of you who have already given us feedback to improve the
> draft prior to this point.
>
> Cheers,
> -- Mike
>
> <jwt.html><jwt.xml>_______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
