Richard Barnes has entered the following ballot position for draft-ietf-oauth-json-web-token-27: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Section 7.
In order to prevent confusion between secured and Unsecured JWTs, the
validation steps here need to call for the application to specify which
is required.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Abstract.
Welsh is the only language I know of in which "w" is a vowel. According
to Wikipedia, then, "JWT" should be pronounced "joot" :)

Section 2.
It seems like "Unsecured JWT" should simply be defined as "A JWT carried
in an Unsigned JWS."

Section 4.1.
I'm a little surprised not to see a "jwk" claim, which would basically
enable JWTs to sub in for certificates for many use cases. Did the WG
consider this possibility?
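
The DISCUSS point on Section 7, sketched as an added example (not part of the original message or of the draft): a validator that refuses to run until the application states whether a secured or an Unsecured JWT is required. The names validate_jwt, make_token and require_secured, and the HS256-only policy, are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

class JWTPolicyError(ValueError):
    """Token does not match what the application said it requires."""

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def make_token(claims: dict, key: bytes = b"") -> str:
    """Build a constructed sample token: HS256 if a key is given, else alg=none."""
    header = {"alg": "HS256" if key else "none", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest() if key else b""
    return signing_input + "." + b64url_encode(sig)

def validate_jwt(token: str, *, require_secured: bool, key: bytes = b"") -> dict:
    """Return the claims only if the token is of the kind the caller requires.

    require_secured is keyword-only with no default, so the application
    cannot validate a token without stating its policy (hypothetical API).
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise JWTPolicyError("not a three-part compact serialization")
    header = json.loads(b64url_decode(parts[0]))
    alg = header.get("alg") if isinstance(header, dict) else None
    if require_secured:
        # The policy, not the token header, selects the algorithm.
        if alg != "HS256" or not key:
            raise JWTPolicyError("secured JWT required (HS256 with a key)")
        expected = hmac.new(key, (parts[0] + "." + parts[1]).encode("ascii"),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(parts[2])):
            raise JWTPolicyError("signature does not verify")
    elif alg != "none" or parts[2] != "":
        raise JWTPolicyError("Unsecured JWT required (alg=none, empty signature)")
    return json.loads(b64url_decode(parts[1]))
```

Because the header's "alg" value is only compared against the stated policy and never used to choose the check, a token of the other kind is rejected in both directions.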