Registering the names provides clarity on use and avoids confusion on the meaning of a claim — ie two specs won’t have conflicting definitions of “htm”
On Thu, Jun 16, 2022 at 10:20 AM Warren Parad <wparad= [email protected]> wrote: > I think the registration really helps with discovery, especially as an > implementer. When you see or observe these claims in a JWT, you can google > them potentially returning no results. If you know about the IANA registry > you can find them, even if you don't know that the tokens have anything to > do with DPoP. > > On Thu, Jun 16, 2022 at 6:21 PM Neil Madden <[email protected]> > wrote: > >> The DPoP spec registers the “htm”, “htu”, and “ath” claims [1]. But do >> these claims actually make sense outside of a DPoP proof? Presumably the >> risk of naming collision within a DPoP proof is pretty small, so is there >> any benefit to registering them rather than just using them as private >> claims? >> >> (I guess I could ask the same question about lots of other entries in the >> current registry at IANA, many of which look completely app-specific to me). >> >> [1]: >> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop#section-12.7 >> >> — Neil >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
