Open hshort opened 1 year ago
To find the recommendations for the typ claim, I followed the references from https://www.rfc-editor.org/rfc/rfc9068.html#name-security-considerations to https://www.rfc-editor.org/rfc/rfc8725#section-2.8 to https://www.rfc-editor.org/rfc/rfc8725#section-3.11 (Use Explicit Typing).
And after that one we only need to nudge the community towards a "grp" claim and we're done! 🙂
From: hshort
Sent: Monday, April 24, 2023 4:07 PM
To: WLCG-AuthZ-WG/common-jwt-profile
Cc: Subscribed
Subject: [WLCG-AuthZ-WG/common-jwt-profile] Use RFC 9068 for token version (Issue #25)

Apparently RFC 9068 uses the standard JWT typ claim to identify the token version/type. It would be better to use this than our own "wlcg.ver" claim. This was raised by @jbasney (https://github.com/jbasney)
Better groups then: https://www.rfc-editor.org/rfc/rfc9068.html#section-2.2.3.1 But Brian has brought that up previously, AFAIR.
The "groups" syntax in their example looks usable, AFAICS:
Apparently RFC 9068 uses the standard JWT typ claim to identify the token version/type. It would be better to use this than our own "wlcg.ver" claim. This was raised by @jbasney
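
The explicit-typing check that RFC 8725 section 3.11 and RFC 9068 describe, as an added example that is not part of the thread or of the WLCG profile: `typ` travels in the JOSE header, so a resource server can reject a wrongly typed token before it reads payload claims such as "wlcg.ver". The function names and the sample tokens (including the "wlcg.ver" value and the placeholder signature) are constructed for illustration.

```python
import base64
import json

# Media type RFC 9068 assigns to JWT access tokens, in full form.
EXPECTED_TYPE = "application/at+jwt"


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment of a compact JWS."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def normalize_typ(value: str) -> str:
    """RFC 7515 rule: a typ value without '/' implies 'application/'."""
    value = value.lower()  # media type names are case-insensitive
    return value if "/" in value else "application/" + value


def check_explicit_type(token: str) -> dict:
    """Return the JOSE header if typ marks an RFC 9068 access token.

    Only the typing check is shown; the signature must still be
    validated by a JWT library before any claim is trusted.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    typ = header.get("typ")
    if not isinstance(typ, str):
        raise ValueError("no typ header: token is not explicitly typed")
    if normalize_typ(typ) != EXPECTED_TYPE:
        raise ValueError(f"unexpected typ {typ!r}")
    return header


def accepts(token: str) -> bool:
    """True when the token passes the explicit-typing check."""
    try:
        check_explicit_type(token)
        return True
    except ValueError:
        return False


def sample_token(header: dict, claims: dict) -> str:
    """Constructed sample; 'c2ln' is a placeholder, not a signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"
```

A token whose header says `"typ": "JWT"` is rejected here even when its payload carries a valid-looking "wlcg.ver", which is the cross-JWT confusion that explicit typing is meant to prevent.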