+1 2015-03-23 10:54 GMT+09:00 Brian Campbell <bcampb...@pingidentity.com>:
> At the end of section 3 > <https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3> > it says, 'At least one of the "sub" and "iss" claims MUST be present in the > JWT, and in some use cases, both MUST be present.' > > Admittedly I've misused RFC 2119 keywords a few times myself, so I say > this aware of my own hypocrisy, but shouldn't the second "MUST" in that > sentience be a little "must"? I don't think "some use cases" is enough to > know when it applies. Maybe even spitting it up into two sentences? > Something like, 'At least one of the "sub" and "iss" claims MUST be present > in the JWT. Some use cases may require that both be present.' > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth