Tony, thanks as always for your thoughtful, well reasoned, and helpful comments.
I'm well aware of the potential for confusion, which is why I endeavored to address the differences between aud and dst with text in the draft. I do appreciate your permission to use it ourselves and I'll be sure to let the engineers that have already deployed it know that they have your blessing. As I said on Monday, it struck me as something that would have value well beyond our own usage and that was why I wanted to start a conversation about standardization. You're stance on that has been made pretty clear, thanks. On Wed, Mar 25, 2015 at 6:57 PM, Anthony Nadalin <tony...@microsoft.com> wrote: > There some folks out there that are using AUD to mean DST. Adding DST is > confusing, if you want to use it that's fine but don't see a need to > standardize every claim that someone comes up with > > Sent from my Windows Phone > ------------------------------ > From: Brian Campbell <bcampb...@pingidentity.com> > Sent: 3/25/2015 2:19 PM > To: Mike Jones <michael.jo...@microsoft.com> > Cc: oauth <oauth@ietf.org> > Subject: Re: [OAUTH-WG] JWT Destination Claim > > FWIW, I did have that as an open issue in the draft: > http://tools.ietf.org/html/draft-campbell-oauth-dst4jwt-00#appendix-A > > Though the way I worded it probably shows my bias. > > On Wed, Mar 25, 2015 at 2:16 PM, Mike Jones <michael.jo...@microsoft.com> > wrote: > >> Thanks for posting this, Brian. To get it down on the list, I’ll >> repeat my comment made in person that just as “aud” used to be >> single-valued and ended up being multi-valued, I suspect some applications >> would require the same thing of “dst” – at least when “aud” and “dst” are >> different. And even if “dst” becomes multi-valued, it’s OK for particular >> applications to require that it be single-valued in their usage. >> >> >> >> -- Mike >> >> >> >> *From:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Brian >> Campbell >> *Sent:* Wednesday, March 25, 2015 2:08 PM >> *To:* oauth >> *Subject:* [OAUTH-WG] JWT Destination Claim >> >> >> >> Here are the slides that I rushed though at the end of the Dallas meeting: >> >> https://www.ietf.org/proceedings/92/slides/slides-92-oauth-1.pdf >> >> >> >> And the -00 draft: >> http://tools.ietf.org/html/draft-campbell-oauth-dst4jwt-00 >> >> In an informal discussion earlier this week John B. suggested that some >> additional thinking and/or clarification is needed with regard to what >> parts of the URI to include and check. Particularly with respect to query >> and fragment. And he's probably right. >> > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth