It is probably best to register “cnf” to match RFC 7600 so we don’t have two different structures one for JWT/CWT and one for introspection.
On the other hand introspected tokens are generally relatively custom in what claims they pass. I will discuss it with Hannes. John B. > On Apr 16, 2016, at 6:42 PM, Samuel Erdtman <sam...@erdtman.se> wrote: > > Hi, > > I'm working on the IANA section in > https://tools.ietf.org/html/draft-ietf-ace-oauth-authz > <https://tools.ietf.org/html/draft-ietf-ace-oauth-authz>. > > In https://tools.ietf.org/html/draft-ietf-ace-oauth-authz > <https://tools.ietf.org/html/draft-ietf-ace-oauth-authz> we want to have the > option to get the PoP parameters (alg, key and aud) via introspection e.g. if > using a reference token. > > At the moment I wrote the registration text of the parameters in the ACE > specification but I think it would be preferable if > https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution > <https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution> did the > registration for introspection too. > > Comments? > > //Samuel > _______________________________________________ > Ace mailing list > a...@ietf.org > https://www.ietf.org/mailman/listinfo/ace
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth