Re: [OAUTH-WG] Second WGLC on "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens"

Vittorio Bertocci <> Mon, 27 April 2020 08:34 UTC

From: Vittorio Bertocci <>
To: Benjamin Kaduk <>, Vittorio Bertocci <>
CC: Mike Jones <>, oauth <>, Vittorio Bertocci <>

Thank you for bringing this up Benjamin, you saved me from a long wild goose chase!
It's good to know that there's a new rfc format version, but I am a bit worried about venturing there given that I am barely managing the v2 as it is. v3 still feels pretty experimental, and other than this issue, this spec doesn't give a lot of opportunities to take advantage of the new features (SVG etc).
Wondering whether I can find a periphrase to express the same notion without triggering the script, e.g. omitting the word section or changing the order.

On 4/24/20, 19:02, "Benjamin Kaduk" <> wrote:

    Just on the xml2rfc bits...
    On Wed, Apr 22, 2020 at 07:26:40AM +0000, Vittorio Bertocci wrote:
    > > Link to section 4.1.2 of SCIM Core is actually linking to section 4.1.2 of this doc.
    > Oh wow. That’s a feature of XML2RFC… my source simply says by section 4.1.2 of SCIM Core in a <t> block, and the processor interprets it as an internal link. I’ll need to dig on how to prevent that from happening for this instance. Good catch!

    The short form is "you can't".

    You're using the "v2" XML format for xml2rfc, which produces as various
    output formats text, pdf, and "htmlized" output.  The "htmlized" output is
    called that and not "html" because it's the result of taking the text
    output and running a script to turn common constructions in I-Ds and RFCs
    into hopefully-useful HTML formatting.  In this case, "Section N" outside
    of "Section N of [bracketed-reference]" is assumed to be "Section N of the
    current document", and that's all that the htmlization script is going to
    give you, since it's not working with the semantic richness of the XML.

    We do, however, as of fairly recently have a "v3" XML format, which is
    capable of producing native HTML output that includes SVG figures and the
    other exciting features of "v3 XML".  For an example, see .

    I personally haven't done any v2-to-v3 conversions yet (too busy reading to
    have time to do much writing), but the FAQ entry for doing so is at

    Hope that helps,