Re: [Ace] CWT - Scope Claim

I agree that CWT shouldn't define claims beyond those that correspond to the JWT claims. Other specs can do that via the registry established for that purpose. -- Mike From: Ace on behalf of Jim Schaad Sent:

Re: [Ace] CWT - Audience

Not having support for multiple audiences is semantically a non-starter. There are some differences in CWT from JWT that are intentional (such as binary key IDs) to better align CWT with COSE, but this particular divergence is unacceptable. My conclusion is that I will need read CWT

Re: [Ace] CWT - Audience

This was done because, in CBOR, there is a way to distinguish between a string and a URL. This is lacking in JSON. I believe that the ability to not have to determine this heuristically is a good thing. Jim From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Samuel Erdtman Sent:

Re: [Ace] CWT - Audience

On Tue, Oct 31, 2017 at 6:55 AM, Carsten Bormann wrote: > On Oct 31, 2017, at 10:42, Samuel Erdtman wrote: >> >> My guess is that this is an early mistake that has not been noticed, it has >> been like this from the first draft. > > I sure noticed the