By definition a claim is always in doubt; thus I would not call it a credential until it is verified.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of David Chadwick
Sent: Saturday, December 29, 2012 1:42 AM
To: Mike Jones
Cc: IETF oauth WG
Subject: Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05

If a claim provides proof then I would call it a credential not a claim

David

On 29/12/2012 01:11, Mike Jones wrote:
> I found the X.1252 definition. It is:
>
> *6.18 claim *[b-OED]: To state as being the case, without being able
> to give proof.
>
> That seems both a bit vague, and actually incorrect, as the JWT may
> include proof of the veracity of the claim. Please see the updated
> JWT draft for a hopefully more useful “Claim” definition.
>
> Best wishes,
>
> -- Mike
>
> *From:* Mike Jones
> *Sent:* Sunday, December 23, 2012 1:03 PM
> *To:* Jeff Hodges; Nat Sakimura
> *Cc:* IETF oauth WG
> *Subject:* RE: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05
>
> What is the X.1252 definition?
>
> -- Mike
>
> *From:* Nat Sakimura
> *Sent:* December 23, 2012 10:09 AM
> *To:* =JeffH
> *CC:* Mike Jones, IETF oauth WG
> *Subject:* Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05
>
> Re definition of 'claim', as JWT is supposed to be generic, it may be
> better to go with the definition of X.1252 rather than OIDC.
>
> =nat via iPhone
>
> On Dec 24, 2012 2:42, =JeffH <[email protected]
> <mailto:[email protected]>> wrote:
>
>> > Thanks for the replies, Jeff. They make sense. Particularly,
>> > thanks for the "JSON Text Object" suggestion.
>>
>> welcome, glad they made some sense.
>>
>> similarly, if one employs JSON arrays, I'd define a "JSON text array".
>>
>> > For the "claims" definition, I'm actually prone to go with
>> > definitions based on those in
>> > http://openid.net/specs/openid-connect-messages-1_0-13.html#terminology -
>> > specifically:
>> >
>> > Claim
>> >     A piece of information about an Entity that a Claims Provider
>> >     asserts about that Entity.
>> > Claims Provider
>> >     A system or service that can return Claims about an Entity.
>> > End-User
>> >     A human user of a system or service.
>> > Entity
>> >     Something that has a separate and distinct existence and that can
>> >     be identified in context. An End-User is one example of an Entity.
>>
>> well, it seems to me, given the manner in which the JWT spec is
>> written, one can make the case that JWT claims in general aren't
>> necessarily about an Entity (as the latter term is used in the
>> context of the OpenID Connect specs), rather they're in general
>> simply assertions about something(s). this is because all pre-defined
>> JWT claim types are optional and all JWT semantics are left up to
>> specs that profile (aka re-use) the JWT spec.
>>
>> HTH,
>>
>> =JeffH
>>
>> _______________________________________________
>> OAuth mailing list
>> [email protected] <mailto:[email protected]>
>> https://www.ietf.org/mailman/listinfo/oauth
