I'm confused by your statement below, Hannes, about the examples not showing 
JWTs protected by MACs or digital signatures, since the example JWT in 
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#section-3.1 is 
protected by a MAC and the nested JWT example in 
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#appendix-A.2 is 
protected by a digital signature (and then encrypted).

-----Original Message-----
From: Hannes Tschofenig [mailto:hannes.tschofe...@gmx.net] 
Sent: Monday, April 28, 2014 1:39 AM
To: Mike Jones; Brian Campbell
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-19 - Examples

Hi Mike,

On 04/25/2014 06:37 PM, Mike Jones wrote:
> While we could add other examples, doing so is beyond the scope of the 
> immediate mission to validate the existing examples, Hannes.  There’s 
> lots of examples in the underlying JOSE specs, so it’s not clear that 
> we really need to add additional ones at this time.  (If this 
> suggestion comes up again during IESG review, we could do that, but I 
> don’t think it’s necessary at this point to move the spec to IESG 
> review.)
> 
It is certainly true that examples are not mandatory and that the JOSE specs 
contain a number of examples.

Reading through the document, it came to my mind that the most common uses of JWTs 
are actually not covered as part of the examples. Many readers look at the 
examples to quickly get the idea and neither a JWT protected using a MAC is 
there nor a JWT protected with a digital signature.

I will, however, get over it.

Ciao
Hannes

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
