Hi Nikos,

The https://tools.ietf.org/html/draft-fett-oauth-dpop-04 draft you've referenced is several revisions out of date. Looking at https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/ will show the current latest, which is currently https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-02.html.

Some of that terminology has been cleaned up already. There are a couple places where payload could be used rather than body that I'll change in the next revision. I think that JWT header is probably more meaningful to most readers than JOSE. And while it is technically a JOSE header, it's also a JWS header, which is also a JWT header. This JWT is a JWS. Both have a header. The same header.

On Sun, Apr 4, 2021 at 3:16 PM Nikos Fotiou <[email protected]> wrote:

> Hi I am wondering if the following terminology is more appropriate for the DPoP draft (https://tools.ietf.org/html/draft-fett-oauth-dpop-04):
> - Since a DPoP proof is a JWT encoded in a JWS maybe it is better to say "DPoP proof payload" instead of "DPoP proof body" (end of page 4).
> - For the same reason use "JOSE header" instead of "JSON header" (beginning of page 5)
> - Moreover, here and there it is stated "the header of the JWT". AFAIU JWTs do not have headers themselves but the header is part of the JWS/JWE structure in which the JWT is encoded. So maybe it is more appropriate to say "the JOSE header" instead of "the header of the JWT".
>
> Best,
> Nikos
>
> --
> Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
> Researcher - Mobile Multimedia Laboratory
> Athens University of Economics and Business
> https://mm.aueb.gr
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
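The header/payload split this thread discusses, as an added example that is not part of the original messages or of the draft: it decodes a DPoP proof in JWS compact serialization and checks that `typ`, `alg` and `jwk` sit in the header while `jti`, `htm`, `htu` and `iat` sit in the payload. The function names, the algorithm allow-list and the sample proof are assumptions constructed for illustration, and the signature is deliberately not verified here.

```python
import base64
import json

# Assumption: allow-list chosen for this example, not taken from the draft.
ASYMMETRIC_ALGS = {"ES256", "ES384", "ES512", "PS256", "RS256", "EdDSA"}
HEADER_REQUIRED = ("typ", "alg", "jwk")          # carried in the JOSE/JWS header
PAYLOAD_REQUIRED = ("jti", "htm", "htu", "iat")  # carried in the JWT payload

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    # Compact serialization strips '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_compact(header: dict, payload: dict, signature: bytes) -> str:
    """Build header.payload.signature from already-chosen parts (no signing)."""
    parts = (json.dumps(header).encode(), json.dumps(payload).encode(), signature)
    return ".".join(b64url_encode(p) for p in parts)

def split_dpop_proof(compact: str):
    """Return (header, payload, signature_bytes) WITHOUT verifying the signature."""
    parts = compact.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, b64url_decode(parts[2])

def structural_problems(header: dict, payload: dict) -> list:
    """List structural defects; an empty list means the layout is as expected."""
    problems = [f"header missing {k}" for k in HEADER_REQUIRED if k not in header]
    problems += [f"payload missing {k}" for k in PAYLOAD_REQUIRED if k not in payload]
    if header.get("typ") != "dpop+jwt":
        problems.append("typ is not dpop+jwt")
    if header.get("alg") not in ASYMMETRIC_ALGS:
        problems.append("alg is not an allowed asymmetric algorithm")
    jwk = header.get("jwk")
    if isinstance(jwk, dict) and "d" in jwk:
        problems.append("jwk contains private key material")
    return problems

# Constructed sample proof: key coordinates and signature bytes are placeholders.
SAMPLE_PROOF = make_compact(
    {"typ": "dpop+jwt", "alg": "ES256",
     "jwk": {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}},
    {"jti": "constructed-id-1", "htm": "POST",
     "htu": "https://server.example.com/token", "iat": 1617549360},
    b"constructed-not-a-real-signature",
)
```

A real verifier would run these structural checks and then validate the signature against the `jwk` from the header before trusting any payload claim.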
