On Apr 21, 2017, at 09:56, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote: > > * the CWT spec maps some of the JWT claims to CBOR but does not contain > anything regarding PoP tokens. > * the ACE framework provides the PoP-related components (see > https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-06#section-5.5.4.5). > > Now, the question to the group is whether they are happy with this > split. Another option would be to include the cnf claims needed for the > PoP token functionality already in the CWT spec.
Probably, the “cnf” claims attain their actual meaning through the framework. It will be hard to do a framework-independent definition of those in the CWT spec. So I am very happy with that split. Grüße, Carsten
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace