Well, embedding a client_id claim in the JWE header in order to achieve
"request parameters outside the request object should not be referred to"
is like "putting the cart before the horse". Why do we have to avoid using
the traditional client_id request parameter so stubbornly?
The last paragraph
Hello everyone.
Is it possible to relax the requirement to sign the claims set if an
authenticated encryption mode with prior shared secrets is used? E.g.,
https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-02. This would
reduce the size of the request object substantially.
Regards,
George Aris