Seems like a reasonable extension to me, in that it shouldn't break things, really. Is the suggestion to define a particular member for "other stuff" or to state that you're allowed to add other stuff inside the payload object?
But on the other hand, I'm wondering why other parts of the protocol (like hashing the HTTP body) wouldn't cover it? Or why you wouldn't want to just use a JOSE container for your entire protocol? Basically, within a given protocol you could easily put whatever additional stuff you like inside the protected JOSE payload without disrupting things, but I don't see the use case why you'd want to do that and not something else. -- Justin On May 6, 2014, at 6:54 PM, Phil Hunt <phil.h...@oracle.com<mailto:phil.h...@oracle.com>> wrote: Justin, Any discussion on including JSON payloads in the signed requests? Had an interesting conversation with Bill and I think this would be a useful optional feature. Phil @independentid www.independentid.com<http://www.independentid.com/> phil.h...@oracle.com<mailto:phil.h...@oracle.com> _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
