On Dec 23, 2012, at 9:41 AM, =JeffH <[email protected]> wrote:
>
> > Thanks for the replies, Jeff. They make sense. Particularly, thanks for
> > the "JSON Text Object" suggestion.
>
> welcome, glad they made some sense.
>
> similarly, if one employs JSON arrays, I'd define a "JSON text array".
>
> > For the "claims" definition, I'm actually prone to go with definitions based
> > on those in
> > http://openid.net/specs/openid-connect-messages-1_0-13.html#terminology -
> > specifically:
> >
> > Claim
> > A piece of information about an Entity that a Claims Provider asserts about
> > that Entity.
> > Claims Provider
> > A system or service that can return Claims about an Entity.
> > End-User
> > A human user of a system or service.
> > Entity
> > Something that has a separate and distinct existence and that can be
> > identified in context. An End-User is one example of an Entity.
>
> well, it seems to me, given the manner in which the JWT spec is written, one
> can make the case that JWT claims in general aren't necessarily about an
> Entity (as the latter term is used in the context of the OpenID Connect
> specs), rather they're in general simply assertions about something(s). this
> is because all pre-defined JWT claim types are optional and all JWT semantics
> are left up to specs that profile (aka re-use) the JWT spec.

Agreed. I'm using an encrypted JWT that is rendered as a QR code to store state.

-- Dick

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
