This was simplified in -3 in a way that removes the abused MUST. It now reads:
At least one of the "sub" and "iss" claims MUST be present in
the JWT. Some use cases may require that both be present.
-- Mike
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell
Sent: Sunday, March 22, 2015 6:54 PM
To: oauth
Subject: [OAUTH-WG] 2119 abuse at the end of section 3 proof-of-possession-02
At the end of section
3<https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-02#section-3>
it says, 'At least one of the "sub" and "iss" claims MUST be present in the
JWT, and in some use cases, both MUST be present.'
Admittedly I've misused RFC 2119 keywords a few times myself, so I say this
aware of my own hypocrisy, but shouldn't the second "MUST" in that sentience be
a little "must"? I don't think "some use cases" is enough to know when it
applies. Maybe even spitting it up into two sentences? Something like, 'At
least one of the "sub" and "iss" claims MUST be present in the JWT. Some use
cases may require that both be present.'
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
