Then how about the ACE Constrained Token (ACT)? — Justin
> On May 10, 2016, at 10:14 AM, Phil Hunt (IDM) <phil.h...@oracle.com> wrote: > > I don't have this issue. I see your point, but I think the constrained > branding makes it clear. > > IOW. When the specs say "constrained web" the use means to me that the tokens > for the constrained set of binary protocols which all tend to be in parallel > architecture with web apis anyway. > > Phil > > On May 10, 2016, at 05:57, Justin Richer <jric...@mit.edu > <mailto:jric...@mit.edu>> wrote: > >> You’re missing my original complaint: Until this token can be directly >> encoded into web technologies, like HTTP headers and HTML pages, then it has >> no business being called a “Web” anything. As it is, it’s a binary encoding >> that would need an additional wrapper, like base64url perhaps, to be placed >> into web spaces. It can be used in CoAP and native CBOR structures as-is, >> which is what it’s designed to do. >> >> The “web” part of JWT is very important. A JWT can be used, as-is, in any >> part of an HTTP message: headers, query, form, etc. It can also be encoded >> as a string in other data structures in just about any language without any >> additional transformation, including HTML, XML, and JSON. This makes the JWT >> very “webby”, and this is a feature set that this new token doesn’t share. >> Ergo, it has no business being called a “web” token regardless of its >> heritage. >> >> Both CBOR Token and COSE Token are fine with me. >> >> — Justin >> >>> On May 10, 2016, at 3:50 AM, Mike Jones <michael.jo...@microsoft.com >>> <mailto:michael.jo...@microsoft.com>> wrote: >>> >>> I also feel strongly that the name should remain CBOR Web Token. CWT is a >>> beneficiary of the intellectual and deployment heritage from the Simple Web >>> Token (SWT) and JSON Web Token (JWT). CWT is intentionally parallel to >>> JWT. The name should stay parallel as well. >>> >>> The “Web” part of the “CBOR Web Token” name can be taken as a reference to >>> the Web of Things (see https://en.wikipedia.org/wiki/Web_of_Things >>> <https://en.wikipedia.org/wiki/Web_of_Things>). As Erik correctly points >>> out JSON is not the only data representation that makes things in the Web >>> and the Web of Things. >>> >>> -- Mike >>> <> >>> From: Ace [mailto:ace-boun...@ietf.org <mailto:ace-boun...@ietf.org>] On >>> Behalf Of Erik Wahlström >>> Sent: Tuesday, May 10, 2016 1:44 AM >>> To: Justin Richer <jric...@mit.edu <mailto:jric...@mit.edu>> >>> Cc: Kathleen Moriarty <kathleen.moriarty.i...@gmail.com >>> <mailto:kathleen.moriarty.i...@gmail.com>>; Kepeng Li >>> <kepeng....@alibaba-inc.com <mailto:kepeng....@alibaba-inc.com>>; >>> a...@ietf.org <mailto:a...@ietf.org>; Carsten Bormann <c...@tzi.org >>> <mailto:c...@tzi.org>>; Hannes Tschofenig <hannes.tschofe...@gmx.net >>> <mailto:hannes.tschofe...@gmx.net>>; <oauth@ietf.org >>> <mailto:oauth@ietf.org>> <oauth@ietf.org <mailto:oauth@ietf.org>>; cose >>> <c...@ietf.org <mailto:c...@ietf.org>> >>> Subject: Re: [Ace] [COSE] Call for adoption for >>> draft-wahlstroem-ace-cbor-web-token-00 >>> >>> Or keep the CBOR Web Token (CWT) for two major reasons: >>> - To show the very close relationship to JWT. It relies heavily on JWT and >>> it's iana registry. It is essentially a JWT but in CBOR/COSE instead of >>> JSON/JOSE. >>> - I would not say that JWT is the only format that works for the web, and >>> it's even used in other, non-traditional, web protocols. That means I don't >>> have a problem with the W in CWT at all. Why would JSON be the only web >>> protocol? >>> >>> Then we also have one smaller (a lot smaller) reason, it's the fact that it >>> can be called "cot" just like JWT is called a "jot" and I figured that our >>> "cozy chairs" would very much like that fact because then it's essentially >>> a "cozy cot" :) >>> >>> / Erik >>> >>> >>> On Tue, May 10, 2016 at 2:49 AM, Justin Richer <jric...@mit.edu >>> <mailto:jric...@mit.edu>> wrote: >>> We can also call it the “COSE Token”. As a chair of the COSE working group, >>> I’m fine with that amount of co-branding. >>> >>> — Justin >>> >>> > On May 9, 2016, at 9:31 AM, Carsten Bormann <c...@tzi.org >>> > <mailto:c...@tzi.org>> wrote: >>> > >>> >> draft-ietf-ace-cbor-token-00.txt; >>> > >>> > For the record, I do not think that ACE has a claim on the term "CBOR >>> > Token". While the term token is not used in RFC 7049, there are many >>> > tokens that could be expressed in CBOR or be used in applying CBOR to a >>> > problem. >>> > >>> > ACE CBOR Token is fine, though. >>> > (Or, better, CBOR ACE Token, CAT.) >>> > >>> > Grüße, Carsten >>> > >>> > _______________________________________________ >>> > COSE mailing list >>> > c...@ietf.org <mailto:c...@ietf.org> >>> > https://www.ietf.org/mailman/listinfo/cose >>> > <https://www.ietf.org/mailman/listinfo/cose> >>> >>> _______________________________________________ >>> Ace mailing list >>> a...@ietf.org <mailto:a...@ietf.org> >>> https://www.ietf.org/mailman/listinfo/ace >>> <https://www.ietf.org/mailman/listinfo/ace> >> _______________________________________________ >> COSE mailing list >> c...@ietf.org <mailto:c...@ietf.org> >> https://www.ietf.org/mailman/listinfo/cose >> <https://www.ietf.org/mailman/listinfo/cose>
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
