I am out of the office until 24/08/2015.
Note: This is an automated response to your message "OAuth Digest, Vol 82,
Issue 3" sent on 11/08/2015 5:46:23.
This is the only notification you will receive while this person is away.
___
OAuth mailing li
On Tue, Aug 11, 2015 at 12:08 AM, Mike Jones
wrote:
> There didn’t seem to be support for having cnf contain array values.
> Instead, as discussed in the thread “[OAUTH-WG] JWT PoP Key Semantics WGLC
> followup 3 (was Re: confirmation model in proof-of-possession-02)”, if
> different keys are bein
Brian's note contained two suggestions, which I'll address separately.
The first was to have "cnf" contain an array of values rather than individual
values. But even he said "I'm not sure the extra complexity is worth it
though. I've rarely, if ever, seen SAML assertions that make use of it."
Thank you
On Mon, Aug 10, 2015 at 9:57 PM, Mike Jones
wrote:
> As discussed in the thread “[OAUTH-WG] JWT PoP Key Semantics WGLC followup
> 2 (was Re: proof-of-possession-02 unencrypted oct JWK in encrypted JWT
> okay?)”, I will update the draft to say that the symmetric key can be
> carried in
I took Nat's "+1" as support for flattening things into individual claims
like "cjwe", "cjwk" and "ckid". Maybe that's just confirmation bias on my
part. But it'd be interesting to get Nat's actual opinion as apposed to his
assumed or implied opinion. Nat?
It seems to me that it's really a questio
I think Brian also argued that flattening would save a registry, and be easier
to process in the default case.
I don’t really by the argument that having a cnf object makes it that much
harder to process. I think it is stylistically better json to keep the
elements together so that they can be
On Tue, Aug 11, 2015 at 5:30 PM, John Bradley wrote:
> I think Brian also argued that flattening would save a registry, and be
> easier to process in the default case.
>
> I don’t really by the argument that having a cnf object makes it that much
> harder to process. I think it is stylistically b
OK
> On Aug 11, 2015, at 12:57 AM, Mike Jones wrote:
>
> As discussed in the thread “[OAUTH-WG] JWT PoP Key Semantics WGLC followup 2
> (was Re: proof-of-possession-02 unencrypted oct JWK in encrypted JWT okay?)”,
> I will update the draft to say that the symmetric key can be carried in the
>
