I think the registration really helps with discovery, especially as an implementer. When you see or observe these claims in a JWT, you can google them, potentially returning no results. If you know about the IANA registry you can find them, even if you don't know that the tokens have anything to do with DPoP.

On Thu, Jun 16, 2022 at 6:21 PM Neil Madden <neil.mad...@forgerock.com> wrote:
> The DPoP spec registers the “htm”, “htu”, and “ath” claims [1]. But do
> these claims actually make sense outside of a DPoP proof? Presumably the
> risk of naming collision within a DPoP proof is pretty small, so is there
> any benefit to registering them rather than just using them as private
> claims?
>
> (I guess I could ask the same question about lots of other entries in the
> current registry at IANA, many of which look completely app-specific to me).
>
> [1]:
> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop#section-12.7
>
> — Neil
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth