Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

On 13/12/2018 15:42, Stefanie Gerdes wrote: Hi Ludwig, On 12/12/2018 10:47 AM, Ludwig Seitz wrote: The value of checking the iss field is indeed limited, but if present I feel it MUST be checked. The text does say that the RS must check the integrity of the token (see 5.8.1.1.) "Since the

Re: [Ace] Fwd: New Version Notification for draft-ietf-ace-oauth-authz-17.txt and draft-ietf-ace-oauth-params-01.txt

Hi Ludwig, On 12/12/2018 10:47 AM, Ludwig Seitz wrote: > The value of checking the iss field is indeed limited, but if present I > feel it MUST be checked. > > The text does say that the RS must check the integrity of the token (see > 5.8.1.1.) > > "Since the cryptographic wrapper of the token