Hello, I am in process of working through the JOSE drafts and also read the Oauth JWT draft last week. There is some overlap in text that may require some joint work to correct.
1. For JWT, the Security Considerations section starts off with the same text that is in several of the JOSE drafts. In my review of the JWA draft, I asked for some fixes that will need to be made to this draft as well. Here is a link to that review and it may be easier to help with this work in one spot where text will be reused. Mike has asked the JOSE WG to assist, but it make make sense for Oauth folks to help as well. If it makes sense, a pointer to existing text is also fine. http://www.ietf.org/mail-archive/web/jose/current/msg04064.html 2. Sections 5.1 and 5.2 are a little confusing. However, the use of "typ" and "cty" appear in 3 drafts (at least), so this should get addressed with an approach that considers the joint text to reduce confusion for developers. The initial descriptions are in the JOSE JWS draft, so that may need most of the work, but it also appears in this draft and the JOSE JWK draft. In my writeup for the JWK review, I listed out some questions and would like to see improvements across these drafts. This will likely require some joint work and may be best in response to the JWK review to keep it in one place. http://www.ietf.org/mail-archive/web/jose/current/msg04172.html Thank you! -- Best regards, Kathleen
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
