GUT-profile-WG / GUT-profile

Repository for the G(rand) U(nified) T(oken) profile

A modest proposal #13

Open jjg-123 opened 7 months ago

jjg-123 commented 7 months ago

This is not an issue per se, but I did want to make a request for how profiles should perhaps be structured.

I wrote OA4MP and we support multiple profiles, RFC 9068, SciTokens, WLCG and potentially more -- our goal is to allow clients to get whatever profile they need. The issue, practically, is that wherever these profiles overlap, there is a problem.

My proposal is to modularize them, so that, e.g. RFC 9068 is the basic format for access tokens, SciTokens extends that with specific scopes. WLCG adds capabilities and sets of them, and perhaps group/role management.

In this way implementors can choose which to use and not have issues with conflicts. In other words, my request is to have extension profiles, not complete ones, and to have no overlap in profiles, allowing for multiple inheritance cleanly. This may also mean having a common claim replacing the version as a single string, with a list of supported profiles and their versions, e.g. something like {... rest of the token "profiles" : ["wlcg-1.1", "scitoken-2.1"] }
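A sketch of how a resource server could consume the layered layout proposed above, added here as an illustration and not taken from OA4MP or from any profile text: RFC 9068 required claims form the base layer, and each entry in the proposed `profiles` claim selects one extension check. The function names, the registry and the per-profile rules are simplified assumptions; only the `profiles` claim shape and the two version strings come from the comment.

```python
# Added illustration; claim checks are simplified assumptions, not a spec.
RFC9068_REQUIRED = {"iss", "exp", "aud", "sub", "client_id", "iat", "jti"}

def check_base(claims):
    """Base layer: RFC 9068 required claims, applied to every token."""
    missing = RFC9068_REQUIRED - claims.keys()
    return [f"rfc9068: missing {c}" for c in sorted(missing)]

def check_scitoken(claims):
    """Assumed extension rule: at least one read:/ or write:/ path scope."""
    scopes = str(claims.get("scope", "")).split()
    if any(s.startswith(("read:/", "write:/")) for s in scopes):
        return []
    return ["scitoken: no read:/ or write:/ scope"]

def check_wlcg(claims):
    """Assumed extension rule: wlcg.groups, if present, is a list of /paths."""
    groups = claims.get("wlcg.groups", [])
    if isinstance(groups, list) and all(
        isinstance(g, str) and g.startswith("/") for g in groups
    ):
        return []
    return ["wlcg: wlcg.groups must be a list of /group paths"]

# Registry keyed by the exact "name-version" strings used in the proposal.
EXTENSIONS = {"scitoken-2.1": check_scitoken, "wlcg-1.1": check_wlcg}

def validate(claims):
    """Return a list of errors; an empty list means the token is accepted."""
    errors = check_base(claims)
    declared = claims.get("profiles", [])
    if not isinstance(declared, list):
        return errors + ["profiles: must be a list"]
    for entry in declared:
        check = EXTENSIONS.get(entry) if isinstance(entry, str) else None
        if check is None:
            # Fail closed: an unknown rule set must not be silently skipped.
            errors.append(f"profiles: unsupported {entry!r}")
        else:
            errors += check(claims)
    return errors

# Constructed sample payload (signature already verified and decoded).
SAMPLE = {"iss": "https://issuer.example", "exp": 1900000000,
          "aud": "https://rs.example", "sub": "user1", "client_id": "c1",
          "iat": 1700000000, "jti": "abc", "scope": "read:/data",
          "wlcg.groups": ["/cms"], "profiles": ["wlcg-1.1", "scitoken-2.1"]}

if __name__ == "__main__":
    print(validate(SAMPLE))
    print(validate({**SAMPLE, "profiles": ["wlcg-9.9"]}))
```

Because each extension only inspects its own claims, the checks compose in any order, and a profile string the verifier does not recognise is rejected instead of being ignored.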