Hi Phil, Hi Tony, Hi all,
regarding this document I believe there are the following questions the
group may want to think about:
a) Is the lifecycle of software development (Figure 1) common accross
several companies?
b) The document defines a number of attributes. Are those attributes
also used in other deployments? Is their semantic clearly defined so
that meaningful actions can be taken when receiving those?
c) Is the proposed approach for conveying the software statement
acceptable for the group?
(currently the information is conveyed as a bearer token encoded as JWT).
What would be good to have is two things:
* Examples
* Text that describes what decisions can be made by the introduction
of the software assertions. This text could go into the introduction to
provide a motivation about why to use it.
Ciao
Hannes
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
