Hi Mike, Hi Justin,

when I looked at the JWT and the draft-richer-oauth-introspection documents I noticed that the two are not aligned (neither in the fields that are supported nor in the way the fields are defined).

IMHO draft-richer-oauth-introspection must not define new elements since those are already defined in the JWT.

You could compare the relationship between the JWT and the draft-richer-oauth-introspection in the following way: The JWT passes the content by value from the AS via the client to the RS. The draft-richer-oauth-introspection passes a reference to the content from the AS via the client to the RS, and since the RS ultimately needs to know the content, it has to resolve the reference so that it gets the content.

Therefore, the content (the different JSON encoded structures) should only be defined once and could then be used in both specs.

Ciao
Hannes
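
The by-value versus by-reference relationship described in the message above, as an added example that is not part of the original email or of either draft: a resource server receives the same claim set either inside a signed JWT or by resolving an opaque handle, and applies one policy check to both. The key, the URLs, the in-process `introspect` stand-in and all function names are assumptions made for illustration; only the claim names (`iss`, `sub`, `aud`, `exp`) are the registered JWT ones.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = b"constructed-demo-key"  # constructed secret shared by AS and RS
# The content, defined once (claim names are the registered JWT ones).
CLAIMS = {"iss": "https://as.example", "sub": "alice",
          "aud": "https://rs.example", "exp": int(time.time()) + 300}
REFERENCE_STORE = {}  # AS-side state behind opaque tokens

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_jwt(claims):
    """AS, by value: the claims travel inside the token itself."""
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    return f"{head}.{body}.{b64u(sign(head + '.' + body))}"

def issue_reference(claims):
    """AS, by reference: the token is a random handle to stored claims."""
    handle = secrets.token_urlsafe(16)
    REFERENCE_STORE[handle] = dict(claims)
    return handle

def introspect(handle):
    """Hypothetical in-process stand-in for the AS introspection call."""
    return dict(REFERENCE_STORE.get(handle, {}))

def claims_from_jwt(token):
    """RS: verify the signature, then read the claims out of the token."""
    head, body, sig = token.split(".")
    if json.loads(b64u_dec(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sign(head + "." + body), b64u_dec(sig)):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(body))

def authorize(claims, audience):
    """One RS policy check, whichever way the claims arrived."""
    return claims.get("aud") == audience and claims.get("exp", 0) > time.time()
```

Because both paths produce the same JSON structure, `authorize` needs no knowledge of which token format the client presented.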
