subject:"\[OAUTH\-WG\] draft\-ietf\-oauth\-json\-web\-token\-06 comment"

Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-06 comment

2013-03-14 Thread Mike Jones

, -- Mike From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Peck, Michael A Sent: Thursday, March 14, 2013 8:05 PM To: oauth@ietf.org Subject: [OAUTH-WG] draft-ietf-oauth-json-web-token-06 comment To explain my

Re: [OAUTH-WG] draft-ietf-oauth-json-web-token-06 comment

2013-03-14 Thread Phil Hunt

Mike, It is my understanding there will be new draft (or a revision of the MAC draft) that builds on the JWT draft to define a secure (MAC) token based on the security requirements presentation I gave today. I believe all/most of your questions should be addressed in the security draft: http

[OAUTH-WG] draft-ietf-oauth-json-web-token-06 comment

2013-03-14 Thread Peck, Michael A

To explain my comment at the microphone today: Section 8 states: JWTs use JSON Web Signature (JWS) [JWS] and JSON Web Encryption (JWE) [JWE] to sign a