Security Consideration: "As specified in the IUA profile, the IUA Authorization Client and Authorization Server actors SHALL support the JWS (signed) alternative of the JWT token."
Does that mean actions shall use JWS, or only support them? It is also unclear in IUA because they say "JWT token shall be signed as specified in JSON Web Signature [RFC7515]. If signed,[...]".
Security Consideration: "As specified in the IUA profile, the IUA Authorization Client and Authorization Server actors SHALL support the JWS (signed) alternative of the JWT token." Does that mean actions shall use JWS, or only support them? It is also unclear in IUA because they say "JWT token shall be signed as specified in JSON Web Signature [RFC7515]. If signed,[...]".