Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05

Sat, 29 Dec 2012 20:03:53 -0800 

Tony,

So do you agree with the following definition in -06? Or prefer X.1252
definition?

Claim  A piece of information asserted about a subject.  Here, Claims
      are represented name/value pairs, consisting of a Claim Name and a
      Claim Value.


Mike:

Regarding the ordering of the terms in terminology, you should either use
the dependency chain or alphabetic order. (Former is more desirable in my
point of view.) However, as it stands, it is none of those. For example,
the term "claim" appears in the definition of JWT, which is the first term
in the terminology, without having been defined. If you do not mind, I will
reorder them and send it to you.

Nat

On Sun, Dec 30, 2012 at 9:28 AM, Anthony Nadalin <[email protected]>wrote:

> By definition a claim is always in doubt thus it would not call it a
> credential until it is verified
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> David Chadwick
> Sent: Saturday, December 29, 2012 1:42 AM
> To: Mike Jones
> Cc: IETF oauth WG
> Subject: Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05
>
> If a claim provides proof then I would call it a credential not a claim
>
> David
>
> On 29/12/2012 01:11, Mike Jones wrote:
> > I found the X.1252 definition.  It is:
> >
> > *6.18 claim *[b-OED]: To state as being the case, without being able
> > to give proof.
> >
> > That seems both a bit vague, and actually incorrect, as the JWT may
> > include proof of the veracity of the claim.  Please see the updated
> > JWT draft for a hopefully more useful “Claim” definition.
> >
> >                                                              Best
> > wishes,
> >
> >                                                              -- Mike
> >
> > *From:*Mike Jones
> > *Sent:* Sunday, December 23, 2012 1:03 PM
> > *To:* Jeff Hodges; Nat Sakimura
> > *Cc:* IETF oauth WG
> > *Subject:* RE: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05
> >
> > What is the X.1252 definition?
> >
> > -- Mike
> >
> > *From:* Nat Sakimura
> > *Sent:* ‎December‎ ‎23‎, ‎2012 ‎10‎:‎09‎ ‎AM
> > *To:* =JeffH
> > *CC:* Mike Jones, IETF oauth WG
> > *Subject:* Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05
> >
> > Re definition of 'claim', as JWT is supposed to be generic, it may be
> > better to go with the definition of X.1252 rather than OIDC.
> >
> > =nat via iPhone
> >
> > Dec 24, 2012 2:42、=JeffH <[email protected]
> > <mailto:[email protected]>> のメッセージ:
> >
> >>
> >> > Thanks for the replies, Jeff.  They make sense.  Particularly,
> >> > thanks for the "JSON Text Object" suggestion.
> >>
> >> welcome, glad they made some sense.
> >>
> >> similarly, if one employs JSON arrays, I'd define a "JSON text array".
> >>
> >>
> >> > For the "claims" definition, I'm actually prone to go with
> >> >definitions based  on those in
> >> >http://openid.net/specs/openid-connect-messages-1_0-13.html#terminol
> >> >ogy-
> >> > specifically:
> >> >
> >> > Claim
> >> > A piece of information about an Entity that a Claims Provider
> >> > asserts about that Entity.
> >> > Claims Provider
> >> > A system or service that can return Claims about an Entity.
> >> > End-User
> >> > A human user of a system or service.
> >> > Entity
> >> > Something that has a separate and distinct existence and that can
> >> > be identified in context. An End-User is one example of an Entity.
> >>
> >> well, it seems to me, given the manner in which the JWT spec is
> >> written, one can make the case that JWT claims in general aren't
> >> necessarily about an Entity (as the latter term is used in the
> >> context of the OpenID Connect specs), rather they're in general
> >> simply assertions about something(s). this is because all pre-defined
> > JWT claim types are optional and all JWT semantics are left up to
> > specs that profile (aka re-use) the JWT spec.
> >>
> >> HTH,
> >>
> >> =JeffH
> >>
> >> _______________________________________________
> >> OAuth mailing list
> >>[email protected] <mailto:[email protected]>
> >>https://www.ietf.org/mailman/listinfo/oauth
> >
> >
> >
> > _______________________________________________
> > OAuth mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/oauth
> >
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>



-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to