Prateek,
At this point, I would like to be a bit cautious about changing the claim
names as it would impact bunch of implementations that are potentially
being used by hundreds of millions of users now.
I am more open to change the text that defines "aud".
Currently, it goes:
4.1.3. "aud" (Aud
Agreed, Chuck - I need to respond to Brian's message of Feb 14 and
suggest proposed text for the draft. I plan to get to it in the next day
or two.
- prateek
Hey Prateek - and suggested improvements for the SAML Bearer draft?
On Mar 21, 2013, at 1:28 PM, prateek mishra wrote:
Mike, Nat -
I have no problem with the replacement of "audience" by "recepient,"
but whether this suggestion implemented or not, I would very much like
to see Prateeks elegant explanation of SAML terms and their relation to
those defined in OAuth retained somewhere in the document. This would
help later
Hey Prateek - and suggested improvements for the SAML Bearer draft?
On Mar 21, 2013, at 1:28 PM, prateek mishra wrote:
> Mike, Nat -
>
> I am honestly not sure what to propose in terms of wording
> clarification. has a specific meaning in SAML and thats different
> from its current meaning in
Mike, Nat -
I am honestly not sure what to propose in terms of wording
clarification. has a specific meaning in SAML and thats different
from its current meaning in OAuth. This issue becomes even more
confusing as the SAML assertion draft goes onto
redefine the meaning of . Its processing rule
well.. the aud term came from googler's use of the term and not saml.
I agree with Prateek that the intention of the jwt:aud is rather
similar to saml:destination.
JWT is imposing the processing rule on it while saml:audience is
mainly concerned about the liability.
Nat
2013/3/15 Mike Jones :
>
The JWT meaning of the term "audience" is intended to be the same as SAML.
Suggested wording clarifications would be welcomed.
-- Mike
-Original Message-
From: prateek mishra [mailto:prateek.mis...@oracle.com]
Sent: Thursday, March 14, 2013 11:53 AM
To:
Hannes - you make a good point.
I believe that the usage of "audience" in
http://www.ietf.org/id/draft-ietf-oauth-json-web-token-06.txt
also corresponds to rather than .
[quote-jwt06]
The aud (audience) claim identifies the audiences that the JWT is
intended for. Each principal
intended to pr