I'm editing the JWT spec to prepare for the OAuth WG version and to track
changes in the JOSE specs. Currently the "typ" values defined for JWT tokens
are "JWT" and "http://openid.net/specs/jwt/1.0"; (see
http://tools.ietf.org/html/draft-jones-json-web-token-08#section-5). I believe
that the URN value should be changed to use a URN taken from the OAuth URN
namespace urn:ietf:params:oauth (defined in
http://tools.ietf.org/html/draft-ietf-oauth-urn-sub-ns-02).
I propose to use the URN:
urn:ietf:params:oauth:token-type:jwt
I believe this fits well with the other four uses of this namespace to date:
urn:ietf:params:oauth:grant-type:saml2-bearer
urn:ietf:params:oauth:client-assertion-type:saml2-bearer
urn:ietf:params:oauth:grant-type:jwt-bearer
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
(The first two are from
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-11. The latter two
are from http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-04.)
Do people agree with this URN choice?
Thanks,
-- Mike
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
