As Hannes wrote about this draft in his note on February 4th at https://mailarchive.ietf.org/arch/msg/oauth/Y7IUMzngKE0GXXNloUWw4UPBk1o:
With my co-chair hat on: I just wanted to clarify that registering claims (and values within those claims) is within the scope of the OAuth working group. We standardized the JWT in this group and we are also chartered to standardize claims, as we are currently doing with various drafts. Not standardizing JWT in the IETF would have lead to reduced interoperability and less security. From: Thomas Broyer [mailto:[email protected]] Sent: Friday, February 12, 2016 12:32 AM To: Mike Jones <[email protected]>; [email protected] Subject: Re: [OAUTH-WG] Authentication Method Reference Values spec incorporating adoption feedback So, you just removed every relationship to OAuth (and the note about OAuth and authentication seems a bit out of context), and I thus wonder why the OAuth WG would adopt this draft; that'd rather be a JOSE thing. Le ven. 12 févr. 2016 07:03, Mike Jones <[email protected]<mailto:[email protected]>> a écrit : This draft of the Authentication Method Reference Values specification incorporates OAuth working group feedback from the call for adoption. The primary change was to remove the “amr_values” request parameter, so that “amr” values can still be returned as part of an authentication result, but cannot be explicitly requested. Also, noted that OAuth 2.0 is inadequate for authentication without employing appropriate extensions and changed the IANA registration procedure to no longer require a specification. The specification is available at: • http://tools.ietf.org/html/draft-jones-oauth-amr-values-05 An HTML-formatted version is also available at: • http://self-issued.info/docs/draft-jones-oauth-amr-values-05.html -- Mike P.S. This announcement was also posted at http://self-issued.info/?p=1539 and as @selfissued<https://twitter.com/selfissued>. _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
