> Thanks for the replies, Jeff. They make sense. Particularly, thanks for
> the "JSON Text Object" suggestion.
welcome, glad they made some sense.
similarly, if one employs JSON arrays, I'd define a "JSON text array".
> For the "claims" definition, I'm actually prone to go with definitions based
> on those in
> http://openid.net/specs/openid-connect-messages-1_0-13.html#terminology -
> specifically:
>
> Claim
> A piece of information about an Entity that a Claims Provider asserts about
> that Entity.
> Claims Provider
> A system or service that can return Claims about an Entity.
> End-User
> A human user of a system or service.
> Entity
> Something that has a separate and distinct existence and that can be
> identified in context. An End-User is one example of an Entity.
well, it seems to me, given the manner in which the JWT spec is written, one can
make the case that JWT claims in general aren't necessarily about an Entity (as
the latter term is used in the context of the OpenID Connect specs), rather
they're in general simply assertions about something(s). this is because all
pre-defined JWT claim types are optional and all JWT semantics are left up to
specs that profile (aka re-use) the JWT spec.
HTH,
=JeffH
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
