Re: [COSE] Consensus Call: Adoption of the COSE Token

[Erik Wahlström neXus <erik.wahlstrom@nexusgroup.com>]

+1
/ Erik

> On 17 Nov 2015, at 18:34, Göran Selander <goran.selander@ericsson.com> wrote:
> 
> I would like to withdraw my previous vote. With the assumption that CWT is
> defined as a 1-1 mapping of JWT (which is not how it was defined in the
> reference below) I don’t have a strong opinion about where it is defined.
> But ACE-specific claims of a JWT/CWT (such as D.1.10) should be defined in
> ACE. I believe the latter point of view aligns with that expressed by
> others.
> 
> Göran
> 
> 
> On 2015-11-09 10:20, "Göran Selander" <goran.selander@ericsson.com> wrote:
> 
>> I vote for C. It would be good if this work could be carried out where
>> there is both OAuth competence and constrained node network competence. I
>> believe ACE could be a match here since such competences will anyway be
>> required to evaluate
>> 
>> https://datatracker.ietf.org/doc/draft-seitz-ace-oauth-authz/
>> 
>> 
>> which is the preferred starting point for a solution according to the f2f
>> meeting. There is already some text on “CBOR Web Token" in appendix D.
>> 
>> Göran
>> 
>> 
>> On 2015-11-07 19:47, "Jim Schaad" <ietf@augustcellars.com> wrote:
>> 
>>> Either B or C.
>>> 
>>>> -----Original Message-----
>>>> From: COSE [mailto:cose-bounces@ietf.org] On Behalf Of Justin Richer
>>>> Sent: Saturday, November 07, 2015 12:02 AM
>>>> To: cose@ietf.org
>>>> Subject: [COSE] Consensus Call: Adoption of the COSE Token
>>>> 
>>>> At the Yokohama meeting, the chairs agreed to do a consensus call
>>>> regarding
>>>> the adoption and placement of new work to define a COSE Token,
>>>> analogous to
>>>> the JWT from JOSE. In the room, there was a general sentiment of
>>>> support for
>>>> the work being done, with the wide adoption of JWT and its driving of
>>>> JOSE
>>>> being a common theme of precedent. What wasn’t clear is where the work
>>>> should be done and to what end it should drive. The six positions we
>>>> are asking
>>>> the working group to consider and voice their support for are:
>>>> 
>>>> A) Define the COSE Token within the COSE working group along side the
>>>> COSE
>>>> Messages (and potentially COSE Auxiliary Algorithms) draft.
>>>> B) Define the COSE Token inside the OAuth working group.
>>>> C) Define the COSE Token inside the ACE working group.
>>>> D) Don’t define the COSE Token anywhere.
>>>> E) You need more information to decide.
>>>> F) You don’t give a flying rat about the COSE Token.*
>>>> 
>>>> The consensus call will remain open for two weeks from today, closing
>>>> on
>>>> November 21, 2015; at which time, hopefully we will have a clear answer
>>>> and
>>>> direction to point this work.
>>>> 
>>>> Thank you,
>>>> — Justin & Kepeng, your COSE chairs
>>>> 
>>>> * I promised those in the room at Yokohama to offer a flying rat
>>>> option, for
>>>> which I am deeply sorry.
>>>> _______________________________________________
>>>> COSE mailing list
>>>> COSE@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/cose
>>> 
>>> _______________________________________________
>>> COSE mailing list
>>> COSE@ietf.org
>>> https://www.ietf.org/mailman/listinfo/cose
>> 
>> _______________________________________________
>> COSE mailing list
>> COSE@ietf.org
>> https://www.ietf.org/mailman/listinfo/cose
> 
> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose