Re: [OAUTH-WG] Second WGLC on "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens"

Vittorio Bertocci <> Mon, 27 April 2020 17:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1B4953A12C0 for <>; Mon, 27 Apr 2020 10:48:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id rdXgTybIrgtQ for <>; Mon, 27 Apr 2020 10:48:18 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::102c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BB4D83A12A6 for <>; Mon, 27 Apr 2020 10:48:18 -0700 (PDT)
Received: by with SMTP id e6so7738459pjt.4 for <>; Mon, 27 Apr 2020 10:48:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=from:to:cc:subject:thread-topic:thread-index:date:message-id :references:in-reply-to:accept-language:content-language :mime-version; bh=hUHZmb0DSe3aSbw5D1fVbLP+Q4HSITMs0DUOPdWbhz4=; b=ZK61E2HKE6iubnmNqRdCqWZaG9RgwxDP/+Siyu+gMqwTfs5uprqMjukAvC3m6l5ivN 2hNjQ6LtIqAeasHzVTTyx0E0oV7f04qNBTmh1BlAM2vkkafC8DVmIf1u1XZxCMTFBwxZ nMELjCwlpFxPwyFR4JC4aTT9gNVI9UcT9+yNqYvWsMA3Yk9G/gLyx0L0WB2Kn7reFJ/h c6NLK/XLaz02nQ90OUr7efQxp2BB4OzKknbMQt71vCwCHw3yCX9zRmUIH2so6pLG5bei TEWyV+Wewaxt7QaBylWQJAUaiRsWVlLdjnI0cKlC3O60fLiE3pmUNbMreDpobsVH1YCb r41Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:to:cc:subject:thread-topic:thread-index :date:message-id:references:in-reply-to:accept-language :content-language:mime-version; bh=hUHZmb0DSe3aSbw5D1fVbLP+Q4HSITMs0DUOPdWbhz4=; b=gsWZEWbyFEdUmkdROtOi9Sw/6X7RFdgd+KHAi7TmL8lk2ds+8JA1ZK5WSy98oSylhv uREoh4HU6kmcrQGYCTtuicxh0jxxoJv7k7jYnBdIy8grwWLFw5tc6HMF9uYmHTKL6EiY i76gPacH/HU/tNIhlsahGTHxxV7OCz4P1TtB2E6H5EI2ten5YpI030v1aue6COsdXgdf xLGz5j7p+Awt9O5FzrbPRSmQkEfQNxhpImVYALkcI6buEtA0/FZIB4Cj8JnhFk91np2/ sKZebSmOE9gVE0UEpAVkHiMtNDivmaaTu0Z8GCFiSzOe0X4hcg/zZ6n8VQiZO5rGKKPR H2Vw==
X-Gm-Message-State: AGi0PubAR+HX75B8sXO15ExuQEZG/8T5zVSluDLWgC2jFbG/hugxVfTo /xikRnzTtdCKHoj09zGyS3IbiA==
X-Google-Smtp-Source: APiQypJq2R355nwuZlIKcx7PUljDxOkiX8eLb/2aJRQN2I8W902P+N2/U67HMiqhiV3osEqWl0AOGA==
X-Received: by 2002:a17:902:b495:: with SMTP id y21mr23951831plr.111.1588009697674; Mon, 27 Apr 2020 10:48:17 -0700 (PDT)
Received: from ([2603:1036:120:1d::5]) by with ESMTPSA id m4sm12919886pfm.26.2020. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 Apr 2020 10:48:17 -0700 (PDT)
From: Vittorio Bertocci <>
To: Brian Campbell <>, Vittorio Bertocci <>
CC: oauth <>
Thread-Topic: [OAUTH-WG] Second WGLC on "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens"
Thread-Index: ATQyNzI0nSApJGzn7Wo3R7pPiiSeHzA5MzIxwlL2p4CAAElpBA==
X-MS-Exchange-MessageSentRepresentingType: 1
Date: Mon, 27 Apr 2020 17:48:16 +0000
Message-ID: <>
References: <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-RecordReviewCfmType: 0
Content-Type: multipart/alternative; boundary="_000_MWHPR19MB15012AA6CB49DB8818C792B4AEAF0MWHPR19MB1501namp_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [OAUTH-WG] Second WGLC on "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens"
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 27 Apr 2020 17:48:29 -0000

Thanks Brian, that appears to have worked!

From: OAuth <> on behalf of Brian Campbell <>
Date: Monday, April 27, 2020 at 06:26
To: Vittorio Bertocci <>
Cc: oauth <>
Subject: Re: [OAUTH-WG] Second WGLC on "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens"

This old thread has some discussion of working with/around that particular quirk of the htmlizing tool.

On Mon, Apr 27, 2020 at 2:34 AM Vittorio Bertocci <<>> wrote:
Thank you for bringing this up Benjamin, you saved me from a long wild goose chase!
It' good to know that there's a new rfc format version, but I am a bit worried about venturing there given that I am barely managing the v2 as it is __ v3 still feels pretty experimental, and other than this issue, this spec doesn't give a lot of opportunities to take advantage of the new features (SVG etc).
Wondering whether I can find a periphrase to express the same notion without triggering the script, e.g. omitting the word section or changing the order.

On 4/24/20, 19:02, "Benjamin Kaduk" <<>> wrote:

    Just on the xml2rfc bits...

    On Wed, Apr 22, 2020 at 07:26:40AM +0000, Vittorio Bertocci wrote:
    > > Link to section 4.1.2 of SCIM Core is actually linking to section 4.1.2 of this doc.
    > Oh wow. That’s a feature of XML2RFC,… my source simply says by section 4.1.2 of SCIM Core  in a <t> block, and the processor interpret it as an internal link. I’ll need to dig on how to prevent that from happening for this instance. Good catch!

    The short form is "you can't".

    You're using the "v2" XML format for xml2rfc, which produces as various
    output formats text, pdf, and "htmlized" output.  The "htmlized" output is
    called that and not "html" because it's the result of taking the text
    output and running a script to turn common constructions in I-Ds and RFCs
    into hopefully-useful HTML formatting.  In this case, "Section N" outside
    of "Section N of [bracketed-reference]" is assumed to be "Section N of the
    current document", and that's all that the htmlization script is going to
    give you, since it's not working with the semantic richness of the XML

    We do, however, as of fairly recently have a "v3" XML format, which is
    capable of producing native HTML output that includes SVG figures and the
    other exciting features of "v3 XML".  For an example, see .

    I personally haven't done any v2-to-v3 conversions yet (too busy reading to
    have time to do much writing), but the FAQ entry for doing so is at<>

    Hope that helps,


OAuth mailing list<>

CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited..  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.