I think that JARM is good and even feel that JARM should exist there from a logical perspective because JARM is to Authorization Response what Request Object is to Authorization Request. It is good that we don't have to use "ID Token as Detached Signature" (Financial-grade API Part 2) when JARM is used.
FWIW, I (Authlete) finished implementing JARM at the beginning of October, 2018, about a year and 3 months ago. Best Regards, Takahiko Kawasaki On Sat, Jan 18, 2020 at 5:22 AM Brian Campbell <bcampbell= 40pingidentity....@dmarc.ietf.org> wrote: > I'd be in favor of it. > > On Thu, Jan 16, 2020 at 9:28 AM Torsten Lodderstedt <torsten= > 40lodderstedt....@dmarc.ietf.org> wrote: > >> >> >> Am 16.01.2020 um 16:48 schrieb Justin Richer <jric...@mit.edu>: >> >> Maybe PAR and JAR (and JARM?) end up going out as a bundle of specs. >> >> >> Since Justin brought it up, I would like to know whether the community >> has appetite to standardize JARM as well. >> >> Here is the link to the spec: >> https://openid.net/specs/openid-financial-api-jarm-ID1.html >> >> What do you think? >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited.. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.*_______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth