Thanks for your responses, Ludwig.
Responding to your point about "Note that we have aligned these abbreviations
with the claim abbreviations defined in [RFC8392]." The point of the alignment
was to enable signed requests to be expressed as CWTs - just as OAuth signed
requests are expressed as
On 25/10/2018 07:33, Carsten Bormann wrote:
+1 for making all the CWT-like structures into real CWTs.
A discussion of what we consider to be CWT-like structures and what not
would be helpful as a follow-up here.
If draft-ietf-oauth-jwsreq is any indication the OAuth WG seems to
consider th
On 23/10/2018 20:44, Jim Schaad wrote:
-Original Message- From: Ludwig Seitz
Sent: Tuesday, October 23, 2018 7:43 AM To: Jim Schaad
; draft-ietf-ace-oauth- au...@ietf.org Cc:
ace@ietf.org Subject: Re: [Ace] WGLC for draft-ietf-ace-authz
Hallo Jim,
thank you for the review! Comments
On 25/10/2018 02:58, Mike Jones wrote:
IT CAN'T BE A COINCIDENCE: There's clearly a relationship between
many of the CBOR numeric values used in this this specification and
corresponding CBOR Web Token (CWT) claim identifiers, but oddly, the
relationship is currently unspecified and the goals be
HI FP,
Answering below.
section 1.1 does not mention groupcomm draft for the terms: group
identifier and role identifier.
group identifier is described in groupcomm document
role identifier is not; hence difficult to know what to do in the
implementation
Francesca Palombini schreef op 2018-10-29 1
On 22/10/2018 21:09, Jim Schaad wrote:
* Registries - I am wondering if we should think about re-writing a couple
of the registries. As things stand it appears that the application/ace+cbor
content type is being used in 5 or 6 places. It might make more sense to
have a registry for all of th