Re: [OAUTH-WG] Stephen Farrell's Discuss on draft-ietf-oauth-json-web-token-27: (with DISCUSS and COMMENT)

2020-08-03 Thread Carsten Bormann
On 2014-10-06, at 09:54, Mike Jones wrote:

>> - 4.1.7: maybe worth adding that jti+iss being unique enough is not
>> sufficient and jti alone has to meet that need. In X.509 the
>> issuer/serial has the equivalent property so someone might assume
>> sequential jti values starting at 0 are ok.
> 
> Makes sense to add a warning of some kind along these lines.  I think I know 
> the reasons you say that, but can you expand on that thought a bit before I 
> take a stab on writing this up?  For instance, while normally true, I don't 
> think your observation is true if a relying party will only accept tokens 
> from a single issuer.

So can someone remind me why jti needs to be unique globally, and not just per issuer?

Grüße, Carsten

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
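
The collision discussed in the quoted 4.1.7 comment, as an added example that is not part of the original thread: a relying party's replay cache keyed on jti alone versus on the (iss, jti) pair, fed constructed claims from two issuers that both number their tokens from 0. The class and function names are hypothetical, and signature and issuer validation are assumed to have happened before `accept` is called.

```python
import time


class ReplayCache:
    """Remembers token identifiers until the token's exp so a replay is refused.

    Hypothetical helper for illustration; claims passed in are assumed to come
    from a JWT whose signature and issuer were already validated.
    """

    def __init__(self, scope_by_issuer):
        self.scope_by_issuer = scope_by_issuer
        self._seen = {}  # cache key -> exp (seconds since epoch)

    def _key(self, claims):
        # Keyed on (iss, jti): per-issuer uniqueness of jti is enough.
        # Keyed on jti alone: jti must not collide across issuers.
        if self.scope_by_issuer:
            return (claims["iss"], claims["jti"])
        return claims["jti"]

    def accept(self, claims, now=None):
        now = time.time() if now is None else now
        # Forget entries whose token has expired; they can no longer be replayed.
        self._seen = {k: exp for k, exp in self._seen.items() if exp > now}
        if claims["exp"] <= now:
            return False  # expired token
        key = self._key(claims)
        if key in self._seen:
            return False  # identifier already seen: treated as a replay
        self._seen[key] = claims["exp"]
        return True


def run_demo(scope_by_issuer):
    """Return accept() results for: issuer A token, issuer B token, replay of A."""
    now = 1_000_000
    cache = ReplayCache(scope_by_issuer)
    # Constructed sample claims: both issuers use sequential jti values from 0.
    a0 = {"iss": "https://issuer-a.example", "jti": "0", "exp": now + 300}
    b0 = {"iss": "https://issuer-b.example", "jti": "0", "exp": now + 300}
    return [cache.accept(a0, now), cache.accept(b0, now), cache.accept(a0, now)]


if __name__ == "__main__":
    print("keyed on jti only  :", run_demo(scope_by_issuer=False))
    print("keyed on (iss, jti):", run_demo(scope_by_issuer=True))
```

With the cache keyed on jti alone, issuer B's first token is refused as if it were a replay of issuer A's; keyed on the pair, only the genuine replay is refused.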


[OAUTH-WG] OAuth Interim Aug 3rd Minutes

2020-08-03 Thread Rifaat Shekh-Yusef
All,

You can find the meeting minutes and meeting recording here:
https://www.ietf.org/proceedings/interim-2020-oauth-10/minutes/minutes-interim-2020-oauth-10-202008031200-00

Thanks to Dick Hardt for taking notes.

Regards,
 Rifaat