This was done because, in CBOR, there is a way to distinguish between a string and a URL. This is lacking in JSON. I believe that the ability to not have to determine this heuristically is a good thing.
Jim From: Ace [mailto:ace-boun...@ietf.org] On Behalf Of Samuel Erdtman Sent: Tuesday, October 31, 2017 2:42 AM To: Hannes Tschofenig <hannes.tschofe...@arm.com> Cc: ace@ietf.org Subject: Re: [Ace] CWT - Audience My guess is that this is an early mistake that has not been noticed, it has been like this from the first draft. I think the correct thing would be to change it so that CWT reflects JWT. //Samuel On Tue, Oct 31, 2017 at 10:27 AM, Hannes Tschofenig <hannes.tschofe...@arm.com <mailto:hannes.tschofe...@arm.com> > wrote: Hi all, in https://datatracker.ietf.org/doc/rfc7519/?include_text=1 (section 4.1.3), “aud” is defined for JWT as being an array of case-sensitive strings, or a single string. In https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/?include_text=1 (section 3.1.3), “aud” is defined for CWT as being like in JWT, but “the value is of type StringOrURI”. I was wondering how we arrived at this point where the CWT and the JWT differ in this regard. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ Ace mailing list Ace@ietf.org <mailto:Ace@ietf.org> https://www.ietf.org/mailman/listinfo/ace
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace