The JWT BCP draft has been updated to describe the use of explicit typing of JWTs as one of the ways to prevent confusion among different kinds of JWTs. This is accomplished by including an explicit type for the JWT in the "typ" header parameter. For instance, the Security Event Token (SET) specification<http://self-issued.info/?p=1709> now uses the "application/secevent+jwt" content type to explicitly type SETs.
The specification is available at: * https://tools.ietf.org/html/draft-sheffer-oauth-jwt-bcp-01 An HTML-formatted version is also available at: * http://self-issued.info/docs/draft-sheffer-oauth-jwt-bcp-01.html -- Mike P.S. This notice was also posted at http://self-issued.info/?p=1714 and as @selfissued<https://twitter.com/selfissued>.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
