Re: [Id-event] Thread: Clarifying use of sub and iss in SET tokens

[Mike Jones <Michael.Jones@microsoft.com>]

I agree that if the two pieces of information in two fields are allowed to be different but happen to be the same, that both fields should be carried in the SET with identical values.  What I was talking about was the case in which two fields are required to be identical.  That's the case in which duplication is harmful.

                                                                -- Mike

From: Benjamin Kaduk [mailto:bkaduk@akamai.com]
Sent: Monday, March 6, 2017 4:55 PM
To: Mike Jones <Michael.Jones@microsoft.com>; Justin Richer <jricher@mit.edu>; Phil Hunt (IDM) <phil.hunt@oracle.com>
Cc: ID Events Mailing List <id-event@ietf.org>
Subject: Re: [Id-event] Thread: Clarifying use of sub and iss in SET tokens

On 03/06/2017 06:39 PM, Mike Jones wrote:

Justin, I suspect you didn't see my earlier reply to Phil's note that you also replied to, so I'm repeating it here and sending it to you directly.  (It wouldn't be the first time that DMARC policies caused some of my contributions to be not received by some participants. :-( )

Agreed that this is unclear.  Duplicating information in a protocol *always* introduces an unnecessary error case - the need to define how to handle the situation in which two pieces of information that are required to be identical are different.  Information in a SET should occur at most once.


That seems a dangerous road to tread, as it requires care in defining "information" -- duplicating the same data strings at different levels of the hierarchy of a JSON object may very well not be duplicating information, due to the extra context provided by the hierarchy.  In my mind, it's not a clear case that you should never send the same name/value multiple times in different parts of an object, as sometimes it is good to keep the semantic separation clear.

-Ben