+1 =nat via iPhone
2015/03/23 11:07、Brian Campbell <bcampb...@pingidentity.com> のメッセージ: > This is mostly about section 3.4 but also the whole draft. > > If "cnf" is intended to analogous to the SAML 2.0 SubjectConfirmation > element, it should probably contain an array value rather than an object > value. SAML allows not just for multiple methods of confirming but for > multiple instances of the same method. IIRC, only one confirmation needs to > be confirmable. > > I'm not sure the extra complexity is worth it though. I've rarely, if ever, > seen SAML assertions that make use of it. > > If the intent is just to allow for different kinds of confirmation, couldn't > the structure be pared down and simplified and just have individual claims > for the different confirmation types? Like "cjwk" and "ckid" or similar that > have the jwk or kid value respectively as the member value. > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
