+1 to Mike and John’s comments.
Phil
> On Jan 19, 2019, at 12:34 PM, Mike Jones
> wrote:
>
> I also agree that “resource” should be a specific network-addressable URL
> whereas a separate audience parameter (like “aud” in JWTs) can refer to one
> or more logical resources. They are
I also agree that “resource” should be a specific network-addressable URL
whereas a separate audience parameter (like “aud” in JWTs) can refer to one or
more logical resources. They are different, if related, things.
Note that the ACE WG is proposing to register a logical audience parameter
We need to decide if we want to make a change.
For security we are location centric.
I prefer to keep resource location separate from logical audience that can
be a scope or other parameter.
If becomes harder for people to use the parameter correctly if we are too
flexible.
I would rather have
This response is slow but somewhat less slow than those that came before.
So I also apologize again but somewhat less so :) I do apologize for
sending on a weekend but I just wasn't able to finish and make it to the
"send" button before the end of my Friday.
I've endeavored to continue the