Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05

Fri, 28 Dec 2012 17:12:02 -0800 

I found the X.1252 definition.  It is:

6.18 claim [b-OED]: To state as being the case, without being able to give 
proof.

That seems both a bit vague, and actually incorrect, as the JWT may include 
proof of the veracity of the claim.  Please see the updated JWT draft for a 
hopefully more useful “Claim” definition.

                                                            Best wishes,
                                                            -- Mike

From: Mike Jones
Sent: Sunday, December 23, 2012 1:03 PM
To: Jeff Hodges; Nat Sakimura
Cc: IETF oauth WG
Subject: RE: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05

What is the X.1252 definition?

-- Mike

From: Nat Sakimura
Sent: ‎December‎ ‎23‎, ‎2012 ‎10‎:‎09‎ ‎AM
To: =JeffH
CC: Mike Jones, IETF oauth WG
Subject: Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05

Re definition of 'claim', as JWT is supposed to be generic, it may be
better to go with the definition of X.1252 rather than OIDC.

=nat via iPhone

Dec 24, 2012 2:42、=JeffH 
<[email protected]<mailto:[email protected]>> のメッセージ:

>
> > Thanks for the replies, Jeff.  They make sense.  Particularly, thanks for
> > the "JSON Text Object" suggestion.
>
> welcome, glad they made some sense.
>
> similarly, if one employs JSON arrays, I'd define a "JSON text array".
>
>
> > For the "claims" definition, I'm actually prone to go with definitions based
> > on those in
> > http://openid.net/specs/openid-connect-messages-1_0-13.html#terminology -
> > specifically:
> >
> > Claim
> > A piece of information about an Entity that a Claims Provider asserts about
> > that Entity.
> > Claims Provider
> > A system or service that can return Claims about an Entity.
> > End-User
> > A human user of a system or service.
> > Entity
> > Something that has a separate and distinct existence and that can be
> > identified in context. An End-User is one example of an Entity.
>
> well, it seems to me, given the manner in which the JWT spec is written, one 
> can make the case that JWT claims in general aren't necessarily about an 
> Entity (as the latter term is used in the context of the OpenID Connect 
> specs), rather they're in general simply assertions about something(s). this 
> is because all pre-defined JWT claim types are optional and all JWT semantics 
> are left up to specs that profile (aka re-use) the JWT spec.
>
> HTH,
>
> =JeffH
>
> _______________________________________________
> OAuth mailing list
> [email protected]<mailto:[email protected]>
> https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to