Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt

2019-10-01 Thread Justin Richer
I stand with Ben’s contention that introspection should be about getting information :about: a token, and not about getting a new token. In fact, this was one of the core issues that I had with the draft as originally proposed. If there are problems with token exchange, they should be fixed

Re: [OAUTH-WG] New Version Notification for draft-lodderstedt-oauth-par-00.txt

2019-10-01 Thread Justin Richer
To be clear, PAR is not the same as XYZ. Both are going to be inputs into the conversation under txauth, and there are similarities, but they shouldn’t be conflated. In PAR, the result has to be a URI because that’s what JAR defines as the input. With XYZ, you get returned two things: a

Re: [OAUTH-WG] New Version Notification for draft-lodderstedt-oauth-rar-02.txt

2019-10-01 Thread Justin Richer
I think that we need to define :some: common set of data elements in this spec, in order to help people who are using this and trying to apply it to their APIs do so in vaguely consistent ways. The details of which parts we standardize on are still, I think, up for grabs. I’d be happy to have a

Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-rar-02.txt

2019-10-01 Thread Brian Campbell
I'm not entirely sold on the draft attempting to define this set of common data elements in the first place. But that said, I think (similar to George?) I'm struggling with "data" more than the others. The definition in the -02 draft is an "array of strings representing the kinds of data being