I'm really struggling with understanding what the value of an "ace_profile"
claim actually would be in a JWT. A JSON string that's the profile name
(though 5.6.4.3 maybe prohibits that)?  A JSON number that's an integer
matching the CBOR Value? Something else?

Is the value of "exi" in a JWT a JSON number? Seems likely but it's
something that should probably be made explicit.

Also for "exi", the requirement in 5.8.3. to "keep track of the identifiers
of tokens containing the "exi" claim that have expired (in order to avoid
accepting them again)" seems problematic in that it sounds like it's
mandating an unbounded growth of memory use.

The draft says that the "cnonce" claim (value) uses binary encoding. What
does that mean for JSON based JWT?

On Sat, Dec 21, 2019 at 4:35 AM Ludwig Seitz <ludwig_se...@gmx.de> wrote:

> Hello JWT registry reviewers,
>
> the IESG-designated experts for the JWT claims registry have asked me to
> send a review request to you about the claims registered here:
>
> https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-29#section-8.12
>
> Thank you in advance for your review comments.
>
> Regards,
>
> Ludwig
>
> _______________________________________________
> Jwt-reg-review mailing list
> jwt-reg-rev...@ietf.org
> https://www.ietf.org/mailman/listinfo/jwt-reg-review
>

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
