Looks like I was not the only one that was reading "p0rn" when I saw "prn" … ;-)
On Dec 28, 2012, at 5:07 PM, Mike Jones wrote:
> New versions of the OAuth JWT, JWT Bearer Profile, and Assertions specs have
> been released incorporating feedback since IETF 85 in Atlanta. The primary
> change
Mike,
I've read through the JWT spec and I'm curious about something. How do I
specify a signature requirement as the server? I didn't see it but I probably
just missed it. I'm thinking that with very little work a JWT can do
everything that MAC does with greater flexibility, *BUT* the serve
I found the X.1252 definition. It is:
6.18 claim [b-OED]: To state as being the case, without being able to give
proof.
That seems both a bit vague, and actually incorrect, as the JWT may include
proof of the veracity of the claim. Please see the updated JWT draft for a
hopefully more useful
Thanks for your review, Hannes. Updates resulting from these comments are
included in the latest drafts.
Thanks again,
-- Mike
From: Mike Jones
Sent: Monday, December 10, 2012
Thanks for your review, Prateek. Updates resulting from these comments are
included in the latest drafts.
Thanks again,
-- Mike
From: Mike Jones
Sent: Monday, December 10, 201
New versions of the OAuth JWT, JWT Bearer Profile, and Assertions specs have
been released incorporating feedback since IETF 85 in Atlanta. The primary
change is changing the name of the "prn" claim to "sub" (subject) both to more
closely align with SAML name usage and to use a more intuitive n
On 28 Dec 2012, at 5:58 AM, "Anganes, Amanda L" wrote:
> Hi Eve and Thomas,
>
> On 12/27/12 8:11 PM, "Eve Maler" wrote:
>
>> Amanda, thanks for the lightning-fast comments back. A couple of additional
>> notes on top of Thomas's response:
>>
>> The "scope type" language is indeed new this t
Did I miss the discussion on this code breaking change?
I'm ok with the change, but would have expected more discussion / notice about
a change such as this.
Before I run around and make edits to running code, I'd like to know if we are
staying with this label.
-- Dick
Hi Torsten
On 27/12/12 18:22, Torsten Lodderstedt wrote:
On 27.12.2012 10:57, Sergey Beryozkin wrote:
Hi
On 25/12/12 12:41, Torsten Lodderstedt wrote:
Hi all,
any other opinion regarding having or not having a token type parameter?
I would like to go with #1 as it is rather late in the pr
Hi Torsten
On 27/12/12 18:02, Torsten Lodderstedt wrote:
Depending on the authorization server's revocation policy, the
revocation of a particular token may cause the revocation of related
tokens and the underlying authorization.
If the particular token is a refresh token and the authorization
I'm fine with this approach, though I'd leave in a RECOMMEND for the
refresh token -> access token cascading delete, since it will be a
common one.
-- Justin
On 12/26/2012 11:14 AM, Torsten Lodderstedt wrote:
Hi John,
thanks for your feedback.
After having thought through this topic again
Sounds reasonable to me.
-- Justin
On 12/25/2012 08:19 AM, Torsten Lodderstedt wrote:
Hi Peter,
your proposal sounds reasonable.
Since it involves a change to the interface spec (400 instead of 403
in case of unauthorized access) I would like to ask the working group
for feedback.
What d
Sorry yes, Google calls it cid. Mike's TLA theory for JWT, JWE, JWS , JWK can
be confusing at times.
On 2012-12-28, at 10:59 AM, Brian Campbell wrote:
> I believe John meant to refer to Google's adding of the cid claim rather than
> the prn claim.
>
>
> On Thu, Dec 27, 2012 at 5:53 PM, Joh
I believe John meant to refer to Google's adding of the *cid* claim rather
than the *prn* claim.
On Thu, Dec 27, 2012 at 5:53 PM, John Bradley wrote:
> The discussion on the Connect call was that audience could be a literal or
> an array.
>
> example
>
> "aud":["http://audiance1.com","http://au
Hi Eve and Thomas,
On 12/27/12 8:11 PM, "Eve Maler" <e...@xmlgrrl.com> wrote:
Amanda, thanks for the lightning-fast comments back. A couple of additional
notes on top of Thomas's response:
The "scope type" language is indeed new this time -- of course this whole
modular spec is newly b
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : Assertion Framework for OAuth 2.0
Author(s) : Brian Campbell
C
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : JSON Web Token (JWT) Bearer Token Profiles for OAuth
2.0
Author(s) : Michael B. Jones
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : JSON Web Token (JWT)
Author(s) : Michael B. Jones
John Bradley
18 matches