Well... In the case of scim which takes json requests and gives json responses, it would be nice to have signed transactions including json payload from http body. This could be easily layer on top of scim without required any change to scim.
If however someone wants a json body like a jwt assertion (where both are in the same json structure) thats a different thing isn't it. :-) Phil > On May 6, 2014, at 17:19, "Richer, Justin P." <jric...@mitre.org> wrote: > > Seems like a reasonable extension to me, in that it shouldn't break things, > really. Is the suggestion to define a particular member for "other stuff" or > to state that you're allowed to add other stuff inside the payload object? > > But on the other hand, I'm wondering why other parts of the protocol (like > hashing the HTTP body) wouldn't cover it? Or why you wouldn't want to just > use a JOSE container for your entire protocol? Basically, within a given > protocol you could easily put whatever additional stuff you like inside the > protected JOSE payload without disrupting things, but I don't see the use > case why you'd want to do that and not something else. > > -- Justin > >> On May 6, 2014, at 6:54 PM, Phil Hunt <phil.h...@oracle.com> wrote: >> >> Justin, >> >> Any discussion on including JSON payloads in the signed requests? Had an >> interesting conversation with Bill and I think this would be a useful >> optional feature. >> >> Phil >> >> @independentid >> www.independentid.com >> phil.h...@oracle.com >> >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
