1. My understanding from Rifaat’s talk this week is that the token returned
from token exchange contains the previous token in the “tokens” claim. So, if
the process is iterated, the final token would have all previous tokens
embedded in it.
2. Our solution only requires the final PR to process
Does it? That's not what I read from the nested jwt draft. If you could
point out where it requires either of those to be true I think it would
help the draft authors consider your additional use case.
On Fri, Nov 11, 2022 at 11:01 AM Dr. Kelley W Burgin
wrote:
> Thanks Atul.
>
>
>
> Warren,
>
>
Thanks Atul.
Warren,
We see the following two benefits of our solution over embedded tokens:
1. Iterated calls (say PR1 needs to access PR2 needs to access … needs to
access PR5, all in different trust domains) do not result in a large final
token as they would with embedded tokens
2. Our solu
+Dr. Kelley W Burgin
Hi, Kelley would like to respond, so I'm copying him here (he only has the
digest of the day)
On Wed, Nov 9, 2022 at 11:08 AM Warren Parad wrote:
> I think it would be confusing for implementers to have to figure out the
> difference between this implementation and
> https:
