Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

By the way, folks: If people disagree with COSE being a rewrite of JOSE, they should speak up in the COSE working group and say so. — Justin > On Nov 18, 2015, at 2:01 AM, Hannes Tschofenig > wrote: > > Hi Bill, > > Ø Is a data type mapping form JWT to

Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

Hi Bill, Ø Is a data type mapping form JWT to CBOR sufficient then? I initially thought but then I ran into the COSE work, which is not a mapping of the JOSE spec to CBOR. It is a re-write. Ciao Hannes -- IMPORTANT NOTICE: The contents of this email and any

Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

Is a data type mapping form JWT to CBOR sufficient then? On Monday, November 16, 2015 11:26 PM, Hannes Tschofenig wrote: #yiv5390846737 #yiv5390846737 -- _filtered #yiv5390846737 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;} _filtered #yiv5390846737 {font-family:Tahoma;panos

Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

early to tell. Ciao Hannes From: Bill Mills [mailto:wmills_92...@yahoo.com] Sent: 16 November 2015 22:55 To: William Denniss; Hannes Tschofenig Cc: Carsten Bormann; Subject: Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT) If there are structural differences in what CBOR can support it

Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

Hi William, You are indeed correct that the current document contains a list of one-by-one copies of claims from the JWT. The only difference is the data type. Probably it would have been better to just reference the semantic from the JWT spec and then state the new data type. I fully understa

Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

Bill Mills wrote: > If there are structural differences in what CBOR can support it would be > worthwhile to note that. Examples of things supported in JWT that you > can't do in CBOR could be very helpful to implementers. Those don't exist, but there may be things you have to do in JSON that you

Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

If there are structural differences in what CBOR can support it would be worthwhile to note that.  Examples of things supported in JWT that you can't do in CBOR could be very helpful to implementers. On Monday, November 16, 2015 1:32 PM, William Denniss wrote: You raise some good

Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

Hi William, I have been trying to do a document update to see how well a combined registry works and I have been wondering whether it is really worth the effort. To make a good judgment I looked at the CNF claim defined in draft-ietf-oauth-proof-of-possession. The CNF claim may contain sub-eleme

Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

Hi Erik, having this draft is a good thing. One thing I'm still wondering is what WG is the best place to progress this. We probably don't need to spend too much time on this because, regardless of the WG chosen, the people in another WG can look at it. Still, getting this right might provide so

Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

Thanks very much, Eric. As we promised in Yokohama, the chairs of the COSE working group are currently running a consensus call thread about this very topic, and I’d encourage others to join that discussion. The thread starts here: http://www.ietf.org/mail-archive/web/cose/current/msg00747.html

Re: [OAUTH-WG] [COSE] A draft on CBOR Web Tokens (CWT)

Hi Carsten, Thanks, and I agree. I’ve heard arguments for all three work groups. Borrowed some of your words to define the content of the draft :) It’s it essentially a JWT, phrased in and profiled for CBOR to address ACE needs, where OAuth needs COSE functionality, for object security. I’m ope