Replies inline...
-----Original Message----- From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Wednesday, April 23, 2014 4:49 AM To: oauth@ietf.org Subject: [OAUTH-WG] Minor questions regarding draft-ietf-oauth-json-web-token-19 Doing my shepherd write-up I had a few minor questions: * Could you move the RFC 6755 reference to the normative reference section? Reason: the IANA consideration section depends on the existence of the urn:ietf:params:oauth registry. OK * Could you move the JWK reference to the informative reference section? Reason: The JWK is only used in an example and not essential to the implementation or understanding of the specification. OK * Would it be sufficient to reference RFC 7159 instead of the [ECMAScript] reference? No. There's no equivalent to Section 15.12 of ECMAScript about the lexically last member name to reference in RFC 7159. See the usage in the first paragraph of http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#section-4. * The document registers 'urn:ietf:params:oauth:token-type' and it is used in the "type" header parameter. The text, however, states that the value can also be set to jwt. Why would someone prefer to use urn:ietf:params:oauth:token-type instead of the much shorter jwt value? There are use cases, such as using JWTs as tokens in WS-Trust, where a URI is needed. Ciao Hannes Thanks for doing this. -- Mike
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
