Hi Roman,

this is also a good question:

> (3) (Editorial) Page 4, Section 3.0, I read to the end of this section by 
> which point there has been discussion of "sub" or "iss".  I was left 
> wondering about how to interpret the case where both are present and none are.

Here is the text from the draft:

"
   The presenter can be identified in one of several ways by the CWT
   depending upon the application requirements.  If the CWT contains a
   "sub" (subject) claim [CWT], the presenter is normally the subject
   identified by the CWT.  (In some applications, the subject identifier
   will be relative to the issuer identified by the "iss" (issuer) claim
   [CWT].)  If the CWT contains no "sub" claim, the presenter is
   normally the issuer identified by the CWT using the "iss" claim.  The
   case in which the presenter is the subject of the CWT is analogous to
   Security Assertion Markup Language (SAML) 2.0
   [OASIS.saml-core-2.0-os] SubjectConfirmation usage.  At least one of
   the "sub" and "iss" claims is typically present in the CWT and some
   use cases may require that both be present.
"

The CWT PoP document does not define the subject or issuer claims.
The document also does not mandate a specific set of claims to be included in a CWT 
since this is application profile specific.

Hence, I am wondering whether we could shorten the paragraph above, which is 
actually a bit confusing.

"
This specification adds a new claim to offer the proof-of-possession
functionality. There are various claims already defined and the IANA claims
registry [REF] contains the most up-to-date list of standardized claims.
Applications using the CWT functionality define what claims have to be used.

   The presenter can, if necessary, be identified in one of several ways by the
   CWT depending upon the application requirements.  If the CWT contains a
   "sub" (subject) claim [CWT], the presenter is the subject
   identified by the CWT. In some cases, the CWT may not include a "sub"
   claim, which allows the presenter to remain anonymous.
"

Ciao
Hannes


_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
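
Added example, not part of the email or the draft: it decodes a CWT claims set and resolves the presenter for each "sub"/"iss" combination, once under the quoted draft text and once under the proposed rewording. Assumptions: claim keys iss=1 and sub=2 (RFC 8392), cnf=8 with kid=3 (RFC 8747); the function names, the sample issuer and subject values, and the "undefined" label for the case the draft text leaves open are hypothetical.

```python
# Added example with constructed data; CBOR subset only, no COSE verification.
ISS, SUB, CNF = 1, 2, 8  # claim keys: iss/sub per RFC 8392, cnf per RFC 8747
def _take(buf, i, n):
    if i + n > len(buf):
        raise ValueError("truncated CBOR")
    return buf[i:i + n], i + n

def _head(buf, i):  # -> (major type, argument, next offset)
    b, i = _take(buf, i, 1)
    major, info = b[0] >> 5, b[0] & 0x1F
    if info < 24:
        return major, info, i
    if info > 27:
        raise ValueError("indefinite or reserved length not supported")
    arg, i = _take(buf, i, 1 << (info - 24))  # 1, 2, 4 or 8 argument bytes
    return major, int.from_bytes(arg, "big"), i

def decode(buf, i=0):  # -> (value, next offset)
    major, arg, i = _head(buf, i)
    if major == 0:  # unsigned integer
        return arg, i
    if major in (2, 3):  # byte string / text string
        raw, i = _take(buf, i, arg)
        return (bytes(raw) if major == 2 else bytes(raw).decode("utf-8")), i
    if major == 5:  # map of arg key/value pairs
        out = {}
        for _ in range(arg):
            key, i = decode(buf, i)
            out[key], i = decode(buf, i)
        return out, i
    raise ValueError(f"unsupported major type {major}")

def presenter(claims, rule):  # rule: "draft" (sub, else iss) or "proposed"
    if SUB in claims:
        return ("subject", claims[SUB])
    if rule == "draft":  # the quoted draft text does not cover the no-claim case
        return ("issuer", claims[ISS]) if ISS in claims else ("undefined", None)
    return ("anonymous", None)

def compare(claims_bytes):  # -> (result under draft text, under proposed text)
    claims, end = decode(claims_bytes)
    if end != len(claims_bytes) or not isinstance(claims, dict):
        raise ValueError("expected exactly one CBOR map")
    return presenter(claims, "draft"), presenter(claims, "proposed")

_ISS, _SUB = b"\x01\x71coap://as.example", b"\x02\x68client-7"
_CNF = b"\x08\xa1\x03\x42\xab\xcd"  # cnf map with a made-up 2-byte kid
SAMPLES = {"both": b"\xa3" + _ISS + _SUB + _CNF, "sub": b"\xa2" + _SUB + _CNF,
           "iss": b"\xa2" + _ISS + _CNF, "none": b"\xa1" + _CNF}
```

The two readings agree whenever "sub" is present and diverge only for the "iss"-only and neither-claim sets, which are the cases the review comment asks about.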