For what it's worth, the JOSE documents such as
http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-25 also include
the ECMAScript reference for the same reason as JWT does and Karen's shepherd
write-up at
http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-signature/shepherdwriteup/
doesn't list it as a down-reference. I think that it shouldn't be list as a
downref for JWT, because it's a reference to a related standard - not a
reference to a standard that was obsoleted by any RFC, including not being
obsoleted by RFC 7159.
-- Mike
-----Original Message-----
From: Hannes Tschofenig [mailto:[email protected]]
Sent: Thursday, April 24, 2014 1:57 AM
To: Mike Jones; [email protected]
Subject: Re: [OAUTH-WG] Minor questions regarding
draft-ietf-oauth-json-web-token-19
Thanks, Mike.
Leave the ECMAScript reference in the document. I indicated it as a DOWNREF in
the my shepherd write-up and that should be fine.
Ciao
Hannes
On 04/23/2014 06:32 PM, Mike Jones wrote:
> Replies inline...
>
>
>
> -----Original Message-----
> From: OAuth [mailto:[email protected]] On Behalf Of Hannes
> Tschofenig
> Sent: Wednesday, April 23, 2014 4:49 AM
> To: [email protected]
> Subject: [OAUTH-WG] Minor questions regarding
> draft-ietf-oauth-json-web-token-19
>
>
>
> Doing my shepherd write-up I had a few minor questions:
>
>
>
> * Could you move the RFC 6755 reference to the normative reference
> section? Reason: the IANA consideration section depends on the
> existence of the urn:ietf:params:oauth registry.
>
>
>
> OK
>
>
>
> * Could you move the JWK reference to the informative reference section?
>
> Reason: The JWK is only used in an example and not essential to the
> implementation or understanding of the specification.
>
>
>
> OK
>
>
>
> * Would it be sufficient to reference RFC 7159 instead of the
> [ECMAScript] reference?
>
>
>
> No. There's no equivalent to Section 15.12 of ECMAScript about the
> lexically last member name to reference in RFC 7159. See the usage in
> the first paragraph of
> http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#section-4.
>
>
>
> * The document registers 'urn:ietf:params:oauth:token-type' and it is
> used in the "type" header parameter.
>
>
>
> The text, however, states that the value can also be set to jwt. Why
> would someone prefer to use urn:ietf:params:oauth:token-type instead
> of the much shorter jwt value?
>
>
>
> There are use cases, such as using JWTs as tokens in WS-Trust, where a
> URI is needed.
>
>
>
> Ciao
>
> Hannes
>
>
>
> Thanks for doing this.
>
>
>
> -- Mike
>
>
>
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
