Oops, that's my bad. Thanks for the correction -- I've linked to your message in the datatracker (but didn't bother to have the datatracker send a third copy of my updated-again ballot position).
-Ben On Thu, Aug 13, 2020 at 03:00:33PM -0600, Brian Campbell wrote: > While some discussion of why explicit typing was not used might be useful > to have, that thread started with a request for security considerations > prohibiting use of the "sub" with a client ID value. Because such a request > JWT could be repurposed for JWT client authentication. And explicit typing > wouldn't help in that situation. > > On Tue, Aug 11, 2020 at 2:50 PM Benjamin Kaduk via Datatracker < > nore...@ietf.org> wrote: > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > [updated to note that, per > > https://mailarchive.ietf.org/arch/msg/oauth/Lqu15MJikyZrXZo5qsTPK2o0eaE/ > > and the JWT BCP (RFC 8725), some discussion of why explicit typing is not > > used would be in order] > > > > > > -- > _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged > material for the sole use of the intended recipient(s). Any review, use, > distribution or disclosure by others is strictly prohibited. If you have > received this communication in error, please notify the sender immediately > by e-mail and delete the message and any file attachments from your > computer. Thank you._ _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
