fore publishing?
>
>-- Mike
>
> From: Torsten Lodderstedt
> Sent: Friday, May 1, 2020 2:37 AM
> To: Mike Jones
> Cc: John Bradley ; Nat Sakimura ;
> oauth
> Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-21.txt
Bradley ; Nat Sakimura ; oauth
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-21.txt
Thanks Mike.
I suggest to add text to JAR describing use of this registry values to
determine the request object signing and encryption algorithms.
Mike Jones
mailto:40microsoft@dmarc.ietf.org
request for early registration if it would be useful.
-- Mike
-Original Message-
From: OAuth On Behalf Of Torsten Lodderstedt
Sent: Sunday, April 26, 2020 8:17 AM
To: Nat Sakimura ; John Bradley
Cc: oauth
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth
Hi Nat & John,
I tried to find out how signing & encryption algorithms are determined in the
JAR context.
I just found this note in the history for -07: "Stopped talking about
request_object_signing_alg”
I assume you assume this is done via client registration parameters registered
in
https
I'd agree that Vladimir's proposed wording is more meaningful/helpful.
On Mon, Apr 20, 2020 at 12:12 AM Vladimir Dzhuvinov
wrote:
> Nat, John, thanks for updating the JAR spec. I just reviewed it, in
> particular the authz request and the security considerations sections.
> Choosing to make clie
Nat, John, thanks for updating the JAR spec. I just reviewed it, in
particular the authz request and the security considerations sections.
Choosing to make client_id (as top-level parameter) mandatory for all
cases, even for those when it can be readily extracted from the JWT,
makes the job of impl
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : The OAuth 2.0 Authorization Framework: JWT Secured
Authorization Request (JAR)
Authors : Nat Saki
