On Thu, Jul 3, 2014 at 3:38 PM, Mike Jones <michael.jo...@microsoft.com> wrote:
> I can add something along these lines. Does that work for you? > > > > *Privacy Considerations* > > A JWT may contain privacy-sensitive information. When this is the case, > measures must be taken to prevent disclosure of this information to > unintended parties. One way to achieve this is to use an encrypted JWT. > Another way is to ensure that JWTs containing unencrypted privacy-sensitive > information are only transmitted over encrypted channels or protocols, such > as TLS. > Great, thanks! > > > -- Mike > > > > *From:* Kathleen Moriarty [mailto:kathleen.moriarty.i...@gmail.com] > *Sent:* Thursday, July 03, 2014 11:32 AM > *To:* Mike Jones > *Cc:* oauth@ietf.org > *Subject:* Re: [OAUTH-WG] FW: JOSE -30 and JWT -24 drafts incorporating > AD feedback on fifth spec of five > > > > Mike, > > > > Thanks for the updated JWT draft. I just read through it again and the > changes look good. > > > > I noticed that privacy considerations were not mentioned. Should there be > any discussed for claims, claim sets, etc.? This is bound to come up in > the IESG review if it is not addressed. Sorry I didn't catch that on the > first review. > > > > On Tue, Jul 1, 2014 at 9:11 PM, Mike Jones <michael.jo...@microsoft.com> > wrote: > > > > > > *From:* Mike Jones > *Sent:* Tuesday, July 01, 2014 6:11 PM > *To:* j...@ietf.org > *Subject:* JOSE -30 and JWT -24 drafts incorporating AD feedback on fifth > spec of five > > > > JOSE -30 and JWT -24 drafts have been posted incorporating improvements > resulting from Kathleen Moriarty’s JWE review. At this point, actions > requested in her reviews of the JWS, JWE, JWK, JWA, and JWT specifications > have all been incorporated. All changes in this release were strictly > editorial in nature. > > > > The specifications are available at: > > · http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-30 > > · > http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-30 > > · http://tools.ietf.org/html/draft-ietf-jose-json-web-key-30 > > · > http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-30 > > · http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-24 > > > > HTML formatted versions are available at: > > · > http://self-issued.info/docs/draft-ietf-jose-json-web-signature-30.html > > · > http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-30.html > > · > http://self-issued.info/docs/draft-ietf-jose-json-web-key-30.html > > · > http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-30.html > > · > http://self-issued.info/docs/draft-ietf-oauth-json-web-token-24.html > > > > -- Mike > > > > P.S. This notice was also posted at http://self-issued.info/?p=1245 and > as @selfissued. > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > > > > > -- > > > > Best regards, > > Kathleen > -- Best regards, Kathleen
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
