Hi Carsten, In preparing a description of the changes made for WGLC, I reread your comments below and saw that we failed to do the update to the RFC 8174 template. I've made a note of it and will plan to do so when we next edit the document.
Responding to your point about the "+jwt" structured syntax registration - this registration is being done by https://tools.ietf.org/html/draft-ietf-secevent-token-11#section-7.2. This document will be discussed on this week's telechat. I believe that all your other points below have been addressed. Thanks again, -- Mike -----Original Message----- From: OAuth <oauth-boun...@ietf.org> On Behalf Of Carsten Bormann Sent: Tuesday, April 17, 2018 4:59 AM To: Hannes Tschofenig <hannes.tschofe...@arm.com> Cc: oauth <oauth@ietf.org> Subject: Re: [OAUTH-WG] Working Group Last Call: JSON Web Token Best Current Practices On Apr 17, 2018, at 12:24, Carsten Bormann <c...@tzi.org> wrote: > > ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) That also gives rise to: Minor technical comment: 2.3 claims that JSON can be in different encodings. This is no longer really the case with RFC 8259 (see Section 8.1). Please fix the wording to remove the untrue claim (no pun intended). Major technical comment: Section 3.9 recommends the use of media types of the form application/example+jwt. I don’t find a registration for the RFC 6839 structured syntax suffix "+jwt". If this recommendation is desired, this document will need to register it (preferred) or refer to a document that does. Nit: Section 1.2 could use the newer template (as per RFC 8174) here. Nit: Section 3.6: s/use/use or admit the use of/ Nit: Section 3.8: s/not/not present or not/ I think these are all solved in an obvious way, and once done I strongly support this document to go forward. Grüße, Carsten _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
