Here are my WGLC comments: * I am not sure that I understand what the protocol flow is when JAR is being used. Is there a potential case where a JWT would be used as the structure of an OAuth response? If so then is there a problem with defining cnf in section 4.1?
* We need to have a OAuth CBOR integer mapping registry - the items in section 6 need to be registered into that registry. * Review - is the 'cnf' parameter in section 3.2 ok with the OAuth group or does it need to be renamed as well? * Check that cnf in 4.1 is going to be ok with draft-ietf-oauth-jwt-introspection-response Jim _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace