I agree that CWT shouldn't define claims beyond those that correspond to the
JWT claims. Other specs can do that via the registry established for that
purpose.
-- Mike
From: Ace on behalf of Jim Schaad
Sent:
Not having support for multiple audiences is semantically a non-starter. There
are some differences in CWT from JWT that are intentional (such as binary key
IDs) to better align CWT with COSE, but this particular divergence is
unacceptable.
My conclusion is that I will need read CWT
This was done because, in CBOR, there is a way to distinguish between a string
and a URL. This is lacking in JSON. I believe that the ability to not have to
determine this heuristically is a good thing.
Jim
From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Samuel Erdtman
Sent:
On Tue, Oct 31, 2017 at 6:55 AM, Carsten Bormann wrote:
> On Oct 31, 2017, at 10:42, Samuel Erdtman wrote:
>>
>> My guess is that this is an early mistake that has not been noticed, it has
>> been like this from the first draft.
>
> I sure noticed the