That's a very value scenario actually. Even so that it should actually be handled in the draft. Scenario: In the continuum of large and small devices an unconstrained client and AS goes through the hoops of issuing a token using standard (HTTP/JSON). The Resource Server however is constrained and would very much like a CWT when it communicates with the Client. That means that in the AS to Client response from the token endpoint the binary token should actually be wrapped by base64url. I can definitely see that being added to the draft. / Erik
On Tue, May 10, 2016 at 2:57 PM, Justin Richer <jric...@mit.edu> wrote: > You’re missing my original complaint: Until this token can be directly > encoded into web technologies, like HTTP headers and HTML pages, then it > has no business being called a “Web” anything. As it is, it’s a binary > encoding that would need an additional wrapper, like base64url perhaps, to > be placed into web spaces. It can be used in CoAP and native CBOR > structures as-is, which is what it’s designed to do. > > The “web” part of JWT is very important. A JWT can be used, as-is, in any > part of an HTTP message: headers, query, form, etc. It can also be encoded > as a string in other data structures in just about any language without any > additional transformation, including HTML, XML, and JSON. This makes the > JWT very “webby”, and this is a feature set that this new token doesn’t > share. Ergo, it has no business being called a “web” token regardless of > its heritage. > > Both CBOR Token and COSE Token are fine with me. > > — Justin > > On May 10, 2016, at 3:50 AM, Mike Jones <michael.jo...@microsoft.com> > wrote: > > I also feel strongly that the name should remain CBOR Web Token. CWT is a > beneficiary of the intellectual and deployment heritage from the Simple Web > Token (SWT) and JSON Web Token (JWT). CWT is intentionally parallel to > JWT. The name should stay parallel as well. > > The “Web” part of the “CBOR Web Token” name can be taken as a reference to > the Web of Things (see https://en.wikipedia.org/wiki/Web_of_Things). As > Erik correctly points out JSON is not the only data representation that > makes things in the Web and the Web of Things. > > -- Mike > > *From:* Ace [mailto:ace-boun...@ietf.org <ace-boun...@ietf.org>] *On > Behalf Of *Erik Wahlström > *Sent:* Tuesday, May 10, 2016 1:44 AM > *To:* Justin Richer <jric...@mit.edu> > *Cc:* Kathleen Moriarty <kathleen.moriarty.i...@gmail.com>; Kepeng Li < > kepeng....@alibaba-inc.com>; a...@ietf.org; Carsten Bormann <c...@tzi.org>; > Hannes Tschofenig <hannes.tschofe...@gmx.net>; <oauth@ietf.org> < > oauth@ietf.org>; cose <c...@ietf.org> > *Subject:* Re: [Ace] [COSE] Call for adoption for > draft-wahlstroem-ace-cbor-web-token-00 > > Or keep the CBOR Web Token (CWT) for two major reasons: > - To show the very close relationship to JWT. It relies heavily on JWT and > it's iana registry. It is essentially a JWT but in CBOR/COSE instead of > JSON/JOSE. > - I would not say that JWT is the only format that works for the web, and > it's even used in other, non-traditional, web protocols. That means I don't > have a problem with the W in CWT at all. Why would JSON be the only web > protocol? > > Then we also have one smaller (a lot smaller) reason, it's the fact that > it can be called "cot" just like JWT is called a "jot" and I figured that > our "cozy chairs" would very much like that fact because then it's > essentially a "cozy cot" :) > > / Erik > > > On Tue, May 10, 2016 at 2:49 AM, Justin Richer <jric...@mit.edu> wrote: > > We can also call it the “COSE Token”. As a chair of the COSE working > group, I’m fine with that amount of co-branding. > > — Justin > > > On May 9, 2016, at 9:31 AM, Carsten Bormann <c...@tzi.org> wrote: > > > >> draft-ietf-ace-cbor-token-00.txt; > > > > For the record, I do not think that ACE has a claim on the term "CBOR > > Token". While the term token is not used in RFC 7049, there are many > > tokens that could be expressed in CBOR or be used in applying CBOR to a > > problem. > > > > ACE CBOR Token is fine, though. > > (Or, better, CBOR ACE Token, CAT.) > > > > Grüße, Carsten > > > > _______________________________________________ > > COSE mailing list > > c...@ietf.org > > https://www.ietf.org/mailman/listinfo/cose > > _______________________________________________ > Ace mailing list > a...@ietf.org > https://www.ietf.org/mailman/listinfo/ace > > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
