Best practices according to whom?
This list, and documents such as:
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics
Wouldn't the concerns of section 6 of your draft better be parts of a
follow-up or addendum to rfc-6749?
OAuth 2.1 has no normative changes over OAuth
Yes to both questions.
On Tue, Jun 14, 2022 at 2:22 PM Warren Parad wrote:
> Is it helpful to challenge this implementation? (and is this email thread
> the right place to do it?)
>
> On Tue, Jun 14, 2022 at 5:27 PM Rifaat Shekh-Yusef <
> rifaat.s.i...@gmail.com> wrote:
>
>> It is a Nested JWT
Is it helpful to challenge this implementation? (and is this email thread
the right place to do it?)
On Tue, Jun 14, 2022 at 5:27 PM Rifaat Shekh-Yusef wrote:
> It is a Nested JWT with at least *two related subjects*, one in the
> enclosed JWT and another in the enclosing JWT.
> Having said
It is a Nested JWT with at least *two related subjects*, one in the
enclosed JWT and another in the enclosing JWT.
Having said that, I do not have a strong opinion on the name and we could
potentially change it to a name that more accurately reflects the scope of
the document, if needed.
The
After reading the draft I also have some concerns. This still isn't
multi-subject, right? As there is only one subject, there just happens to
be a new claim with additional information in it. I'm still behind on the
justification for creating this, as at first glance, either the user got an
access
Hi Dick,
The initial scope of the document was very limited to extending the
existing Nested JWT to allow the enclosing JWT to have its own claims.
Since then, it was clear that there are many use cases that need such a
mechanism that requires more than just a simple nesting of JWTs. That's the
Hi Rifaat
I'm suspecting there was a conversation on changing the name to
multi-subject JWT. Would you provide a pointer or short summary?
I find the name concerning as I am looking at a very different concept that
would also be considered a multi-subject JWT.
My use case is where user
I have just submitted an updated version of the *Multi-Subject JWT* draft
(formerly known as Nested JWT) with more details.
I would appreciate any reviews and feedback on this version.
https://datatracker.ietf.org/doc/html/draft-yusef-oauth-nested-jwt
Regards,
Rifaat
Hello Aaron and anyone in the group,
Could you further comment on my last email?
I'd have an additional question: in
https://datatracker.ietf.org/doc/html/rfc6749#section-10 there is a list of
security considerations. Wouldn't the concerns of section 6 of your draft
better be parts of a