Registering the names provides clarity on use and avoids confusion on the meaning of a claim — ie two specs won’t have conflicting definitions of “htm”
On Thu, Jun 16, 2022 at 10:20 AM Warren Parad <wparad= 40rhosys...@dmarc.ietf.org> wrote: > I think the registration really helps with discovery, especially as an > implementer. When you see or observe these claims in a JWT, you can google > them potentially returning no results. If you know about the IANA registry > you can find them, even if you don't know that the tokens have anything to > do with DPoP. > > On Thu, Jun 16, 2022 at 6:21 PM Neil Madden <neil.mad...@forgerock.com> > wrote: > >> The DPoP spec registers the “htm”, “htu”, and “ath” claims [1]. But do >> these claims actually make sense outside of a DPoP proof? Presumably the >> risk of naming collision within a DPoP proof is pretty small, so is there >> any benefit to registering them rather than just using them as private >> claims? >> >> (I guess I could ask the same question about lots of other entries in the >> current registry at IANA, many of which look completely app-specific to me). >> >> [1]: >> https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop#section-12.7 >> >> — Neil >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
