Is that actually true? The DPoP spec itself is a case in point: it reuses the existing OIDC “nonce” claim but explicitly says that DPoP nonces are not like OIDC nonces (section 9):
“Developers should also take care to not confuse DPoP nonces with the OpenID Connect [OpenID.Core] ID Token nonce.”

The official IANA registration of “nonce” says:

Value used to associate a Client session with an ID Token

Does this matter? If not, does it matter if some other spec defines a “htm” claim with different meaning?

> On 16 Jun 2022, at 20:50, Dick Hardt <dick.ha...@gmail.com> wrote:
>
> Registering the names provides clarity on use and avoids confusion on the meaning of a claim — ie two specs won’t have conflicting definitions of “htm”
>
>> On Thu, Jun 16, 2022 at 10:20 AM Warren Parad <wparad=40rhosys...@dmarc.ietf.org> wrote:
>> I think the registration really helps with discovery, especially as an implementer. When you see or observe these claims in a JWT, you can google them potentially returning no results. If you know about the IANA registry you can find them, even if you don't know that the tokens have anything to do with DPoP.
>>
>>> On Thu, Jun 16, 2022 at 6:21 PM Neil Madden <neil.mad...@forgerock.com> wrote:
>>> The DPoP spec registers the “htm”, “htu”, and “ath” claims [1]. But do these claims actually make sense outside of a DPoP proof? Presumably the risk of naming collision within a DPoP proof is pretty small, so is there any benefit to registering them rather than just using them as private claims?
>>>
>>> (I guess I could ask the same question about lots of other entries in the current registry at IANA, many of which look completely app-specific to me).
>>>
>>> [1]: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop#section-12.7
>>>
>>> — Neil
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth