[OAUTH-WG] Minor questions regarding draft-ietf-oauth-json-web-token-19

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 23 April 2014 11:52 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/BvvThwZJRnb-lo4-ygLmcL9KMmU

Doing my shepherd write-up I had a few minor questions:

* Could you move the RFC 6755 reference to the normative reference
section? Reason: the IANA consideration section depends on the existence
of the urn:ietf:params:oauth registry.

* Could you move the JWK reference to the informative reference section?
Reason: The JWK is only used in an example and not essential to the
implementation or understanding of the specification.

* Would it be sufficient to reference RFC 7159 instead of the
[ECMAScript] reference?

* The document registers 'urn:ietf:params:oauth:token-type' and it is
used in the "type" header parameter.

The text, however, states that the value can also be set to jwt. Why
would someone prefer to use urn:ietf:params:oauth:token-type instead of
the much shorter jwt value?