On 07/02/2019 17:12, Hannes Tschofenig wrote:
Hi Ludwig,What I understood from the feed-back is that using a parameter called "aud" in a request to the token endpoint would be interpreted as a restriction on the audience of authorization servers that are addressed by this request.I am not talking about a parameter called 'aud'. Take a look at the token exchange spec -- the parameter is called 'audience'. 'aud' is the name of the claim. Ciao Hannes
Ok I see, I had that mixed up.Let me just note that having an "audience" parameter and an "aud" parameter (which is also referred to as 'audience') is not ideal when one wants to avoid confusion.
It seems the token-exchange draft is quite advanced, so referring to its "audience" parameter instead of defining "req_aud" (with more or less the same semantics) seems reasonable to me.
Do the chairs think that this would unduly delay the progress of draft-ietf-ace-oauth-params?
/Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace