On Mon, Dec 16, 2019 at 10:31 PM Vittorio Bertocci <Vittorio= 40auth0....@dmarc.ietf.org> wrote:
> Re: aliases, I see where the confusion is coming from! > I updated the request section, but the session 2.2 data structure still > mentions the aliases. That should be cleaned up as well. > In any case the intent was always to only allow a singe resource per AT, > the alias list was only for helping in cases where an AS identifies the > same resource thru multiple IDs and the actual aud value depends on what ID > the client requested. However we discussed this with Brian and he convinced > me that it was just too ambiguous- your remark reinforces that impression.. > I’ll clean up 2.2 and eliminate references to aliases from there as well. > Thanks! > Yes, please clean up sec 2.2. -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
