Sorry for coming late in the game, but I really think that the "sub" claim
should be OPTIONAL instead of REQUIRED.

We are implementing OAuth 2.0 for the Norwegian health sector, where we
have several resources in production already.
I don't think the "sub" claim should have a different meaning depending on
the flow - we would prefer to omit the sub claim in cases where the
resource owner isn't present.
This is not possible with the current language. We would like to be able to
choose if and how we use the "sub" - the "client_id" claim will always be
present.


Regards
Steinar

On Wed, 13 May 2020 at 16:07, Rifaat Shekh-Yusef <
rifaat.s.i...@gmail.com> wrote:

> All,
>
> Based on the 3rd WGLC, we believe that we have consensus to move this
> document forward.
> https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/
>
> We will be working on the shepherd write-up and then submit the document
> to the IESG soon.
>
> Regards,
>  Rifaat & Hannes
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>


-- 
Kind regards

Steinar Noem
Partner Udelt AS
Systems developer

| stei...@udelt.no | h...@udelt.no  | +47 955 21 620 | www.udelt.no |