Proof-of-Possession Key Semantics for JWTs draft -04 addresses the remaining working group comments received - both a few leftover WGLC comments and comments received during IETF 93 in Prague<http://www.ietf.org/meeting/93/>. The changes were:
* Allowed the use of "jwk" for symmetric keys when the JWT is encrypted. * Added the "jku" (JWK Set URL) member. * Added privacy considerations. * Reordered sections so that the "cnf" (confirmation) claim is defined before it is used. * Noted that applications can define new claim names, in addition to "cnf", to represent additional proof-of-possession keys, using the same representation as "cnf". * Applied wording clarifications suggested by Nat Sakimura. The updated specification is available at: * https://tools.ietf.org/html/draft-ietf-oauth-proof-of-possession-04 An HTML formatted version is also available at: * http://self-issued.info/docs/draft-ietf-oauth-proof-of-possession-04.html -- Mike P.S. This note was also published at http://self-issued.info/?p=1442 and as @selfissued<https://twitter.com/selfissued>.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
