As I said, I have not fully thought it out. A better way to state this might be - this token uses the same key as rather than implying overriding.
-----Original Message-----
From: Olaf Bergmann <bergm...@tzi.org>
Sent: Sunday, May 17, 2020 11:32 PM
To: Jim Schaad <i...@augustcellars.com>
Cc: 'Francesca Palombini' <francesca.palomb...@ericsson.com>; 'Ace Wg' <ace@ietf.org>
Subject: Re: [Ace] Update of access rights

Hi Jim,

Jim Schaad <i...@augustcellars.com> writes:

> define a new claim which says - This token supersedes the token(s)
> with CWTID values of "x", "y" and "z".

Isn't this the same as token revocation with all its implications? I would prefer strict token ordering combined with a sound revocation mechanism.

In both scenarios, you would still have the issue that the client forwards the superseding token/revocation message if it has a benefit from doing so.

Regards
Olaf